Forwarding Virtual Server, Fast L4, and TCP?

Question

We have BIPs in front of our LDAP environment.  We have a requirement to only allow connections to LDAP (port 389) through our configured virtual servers, with the exception of a list of nodes that are allowed to contact LDAP on the pool members directly.  I created a data group list (class) with the exception nodes in it, and have written the following iRule to accomplish this:&nbsp;
&nbsp;when CLIENT_ACCEPTED {
&nbsp;if { not [matchclass [IP::client_addr] equals $::ldap] } { if { [TCP::server_port] equals 389 }
&nbsp;{
&nbsp;drop
&nbsp;}
&nbsp;else {
&nbsp;forward
&nbsp;}
&nbsp;}
&nbsp;}&nbsp;
&nbsp;The syntax of the rule is ok, but the problem arises when I apply it to my Forwarding (IP) virtual server.  The TCP::server_port part requires that I have a TCP profile on my forwarding virtual server, but that's not possible since it has a Fast L4 profile.  Anybody know of a way I can write an iRule that will make my forwarding virtual server recognize the server_port?&nbsp;
&nbsp;thanks.

hooleylist · Answer

citizen_elah provided a good solution here for making port based decisions on a forwarding VIP:&nbsp;&nbsp;Click here&nbsp;
&nbsp;Aaron

Forum Discussion

Forwarding Virtual Server, Fast L4, and TCP?

1 Reply

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

virtual server config

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header