Limiting Service that pass through F5

Question

Hi,&nbsp;I have a question about creating VS service traffic separation.so, i have 2 server and i install an application that runs multiple service on those server ( like http, https, and smpt ), and i want to do the load balance.the problem is that i want all users access http and https through F5, but if they need smpt service they will not through F5.Here is the illustration for it :&nbsp;you can see the topology above, let me explain it,i have a firewall, it carry the NAT service, that translate the virtual server ip to ip public, and then there's F5 that translate the Virtual Server IP to the Server's real private IP,So, let me clear it, the traffic from public is : User - Firewall ( 1.1.1.1 to 10.10.10.10.) - F5 (10.10.10.10 to 192.168.1.1 ) - Server (192.168.1.1)&nbsp;Is there any command in iRule that can make it happen?(NB : user access the server via domain, so address 1.1.1.1 to example.com)

aaperson · Answer

These are the basic steps:1) Create Nodes2) Create Pool3) Add Members to Pool 3a) A Member is a Node with port4) Create Virtual Server4a) Add Pool to Virtual Server&nbsp;Roughly speaking, if Member 192.168.140.1:80 exists in a Pool and 192.168.140.1:443 does not, then the Virtual Server will answer to port 80 traffic, but not answer to port 443 traffic. If 192.168.140.1:25 doesn't exist in the Pool, then the Virtual Server won't answer to port 25 traffic.&nbsp;Good luck!&nbsp;&nbsp;&nbsp;

bianca_s · Answer

sorry i forget explain something, this is the right topology :so it's a public server, and the nat ip is on the firewall, the firewall translate it to IP VS in F5, then F5 translate it to the real ip.

So how can i separate the traffic between the services? is there any iRule command that i can use?

m_2 · Answer

HI, &nbsp;It all depends on the Virtual setup and the members you configure.you can create 3 different virtuals for https/http/smtp1 Virtual-HTTPs    -- Member1:443 Member2:443 2. Virtual-HTTP   -- Member1:80   &amp; Member2:80 3. Virtual-SMTP  -  Member1:25 &nbsp;&nbsp;&nbsp;

Forum Discussion

Limiting Service that pass through F5

3 Replies

Recent Discussions

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Related Content

Per-app failover for Kubernetes-based services using F5 Distributed Cloud Services

Kubernetes architecture options with F5 Distributed Cloud Services

Migrating F5 BIG-IP APM From Legacy NAC Service to Compliance Retrieval Service

Using a Kubernetes ServiceAccount for Service Discovery with F5 Distributed Cloud Services

Getting Started with F5 Distributed Cloud Managed Services