Inside Server Cant reach Internet through F5

Question

Hi,&nbsp;
we have inside server and needs to allow internet access to that server through F5 node.based on the requirement I configured IP forwarding virtual server with SNAT (public IP) to Internet.&nbsp;
I can see traffic on Internet firewall that NAT happening on F5 but still internet website is not accessible. I configured IP forwarding Virtual server as per attached pic.&nbsp;
Please suggest if anything I needs to do to fix this issue.&nbsp;

martijn_van_de1 · Answer

Hi Korai,&nbsp;
How is name resolving configured on the inside server? Also through the F5 forwarding VS?
If that is the case, you need a forwarding virtual server that is listening on port 53 (DNS).
Or modify the virtual server to listen on all ports.&nbsp;
You crossed out the destination IP in the forwarding virtual server so I think you put one of your own IP-addresses there. In a forwarding virtual server, the destination should be 0.0.0.0/0&nbsp;
Hope this helps.&nbsp;
Regards,&nbsp;
Martijn&nbsp;

martijn_144688 · Answer

Hi Korai,&nbsp;
How is name resolving configured on the inside server? Also through the F5 forwarding VS?
If that is the case, you need a forwarding virtual server that is listening on port 53 (DNS).
Or modify the virtual server to listen on all ports.&nbsp;
You crossed out the destination IP in the forwarding virtual server so I think you put one of your own IP-addresses there. In a forwarding virtual server, the destination should be 0.0.0.0/0&nbsp;
Hope this helps.&nbsp;
Regards,&nbsp;
Martijn&nbsp;

korai_331784 · Answer

Hi,&nbsp;
Thanks for response, Yes I put destination as 0.0.0.0/0 as its towards internet.
regarding port 53 for DNS, I can test it with all ports but we have flow like this&nbsp;
host----proxy----fw---ip_forwarding_VS----Internet&nbsp;

korai_331784 · Answer

Hi,&nbsp;
Thanks for response, Yes I put destination as 0.0.0.0/0 as its towards internet.
regarding port 53 for DNS, I can test it with all ports but we have flow like this&nbsp;
host----proxy----fw---ip_forwarding_VS----Internet&nbsp;

martijn_144688 · Answer

HI,&nbsp;
So the proxy will setup the connection to the internet. Correct?&nbsp;
So the proxy must be able to contact DNS servers and do HTTP and HTTPS.
If you do not use an internal DNS server, but one on the internet, the forwarding VS must be configured to listen on port 53 also. This means a second VS or a VS configured with all ports.&nbsp;
Did you look create network traces to see what is going on?&nbsp;
Regards, &nbsp;
Martijn&nbsp;

Forum Discussion

Inside Server Cant reach Internet through F5

7 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

Internet of Insider Threats

Protect an application exposed on Internet with F5 XC WAAP

Bgp inside ipsec tunnel

F5 APM VPN Choking Internet Bandwidth

Unbreaking the Internet and Converting Protocols