js_168189
Feb 28, 2019 Nimbostratus
Health Check when VIP and Node in different VLANS
I have a VIP in one VLAN, 192.168.30.x, that is a VLAN/DMZ behind a firewall. The nodes for that VIP are in another VLAN/DMZ interface behind the same firewall but a different DMZ interface, 192.168.10.x. The VIP is configured using SNAT automap.
So health monitor traffic from 192.168.30.x to 192.168.10.x has to go through the firewall for filtering.
I will fix this, but for now the health monitors for the pool source self IP 192.168.30.5 and route to the firewall 192.168.30.1 to get to 192.168.10.x since the default route of the LTM is 192.168.30.1.
Is this expected behavior? Seems like the health check should source self IP in 192.168.10.x.
Also, does the client-side traffic go:
-Firewall-DMZ-30--->F5 vip 192.168.30.x---->SNAT--->nodes 192.168.10.x
-or-
-Firewall-DMZ-30--->F5 vip 192.168.30.x---->SNAT--->Firewall-DMZ-10--->nodes 192.168.10.x
Please advise.