Virtual Server not forwarding to Website

Question

I'm trying to setup the F5 to takeover our reverse proxy functionality for websites.  But when I've tested the site externally it does not display.  I can see it hitting the Virtual server but is not using the traffic policy to forward to the correct server.&nbsp;
The F5 sits behind our firewall and we NAT our external IP address to the F5 Virtual Server Address on it's external interface.  From their I've created a traffic policy to forward the request to the node hosting the website. The web server is on the same subnet as the internal IP of the F5.&nbsp;
I did initially create a VS with an internal IP address to test the connection with the traffic policy and that worked.&nbsp;
I suspect I've missed something obvious.  Does anyone have any suggestions?&nbsp;

martijn_van_de1 · Answer

Hi,&nbsp;
Several things you can check.&nbsp;
Is the internal IP-address of the F5 configured as default gateway on the webservers? If not, yu should configure AutoMap or SNAT. (If you have a F5 cluster, the default gateway should be the Float IP-addres).&nbsp;
Have you checked traffic on the internal and external interface of the F5 with tcpdump? Do you see traffic leaving the internal interface to the webservers?&nbsp;
Is all OK within the Network Map?&nbsp;
Create a simple setup without traffic policy. Just VIP -&gt; Pool -&gt; Node. Use a simple built-in Monitor and if SSL is needed, use the built-in SSL profiles. If this is working, add custom SSL profiles, Monitors and traffic policies to your configuration. But do it step by step so you can find out which part is causing the problem.&nbsp;
Regards,
Martijn&nbsp;

martijn_144688 · Answer

Hi,&nbsp;
Several things you can check.&nbsp;
Is the internal IP-address of the F5 configured as default gateway on the webservers? If not, yu should configure AutoMap or SNAT. (If you have a F5 cluster, the default gateway should be the Float IP-addres).&nbsp;
Have you checked traffic on the internal and external interface of the F5 with tcpdump? Do you see traffic leaving the internal interface to the webservers?&nbsp;
Is all OK within the Network Map?&nbsp;
Create a simple setup without traffic policy. Just VIP -&gt; Pool -&gt; Node. Use a simple built-in Monitor and if SSL is needed, use the built-in SSL profiles. If this is working, add custom SSL profiles, Monitors and traffic policies to your configuration. But do it step by step so you can find out which part is causing the problem.&nbsp;
Regards,
Martijn&nbsp;

chris_richards_ · Answer

Hi Martijn&nbsp;
Thanks for the advice.  Started again and I've got it working. I had an SSL client profile which was causing me the problem. Will take a look at SSL profilelater.&nbsp;
I said it would be an obvious in the end.&nbsp;
Regards&nbsp;
Chris &nbsp;

chris_richards_ · Answer

Hi Martijn&nbsp;
Thanks for the advice.  Started again and I've got it working. I had an SSL client profile which was causing me the problem. Will take a look at SSL profilelater.&nbsp;
I said it would be an obvious in the end.&nbsp;
Regards&nbsp;
Chris &nbsp;

Forum Discussion

Virtual Server not forwarding to Website

4 Replies

Recent Discussions

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Troubeshooting website connection

Use BIG-IP LTM Virtual Server & iRule for an internal "What's My IP" website

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

F5 Websites Accessibility Survey