Pool connectivity from the internal network

Question

Hello, &nbsp;
I've successfully deployed SharePoint 2013 using the F5 BigIP LTM iApp. I need SharePoint to be able to connect to our OWA pool. The OWA deployment documentation has a section about creating an iRule on the SharePoint VIP that forwards traffic with OWA headers to the OWA pool. &nbsp;
I have everything set up correctly but the SharePoint sessions aren't able to forward traffic to the OWA pool. This is evidenced by no traffic hitting the pool members. &nbsp;
We have firewalls between the F5 and internal network as well as between clients and the external network. &nbsp;
Can I have the SharePoint VIP forward traffic to the OWA pool members without having to go back through the internal/external firewalls? Only the External network can be configured for a VIP based on our security requirements. &nbsp;
Thanks, &nbsp;

mikeshimkus_111 · Answer

Hi Woody, does your external BIG-IP have a route to the OWA servers? If the firewall is between the external BIG-IP and internal network, then the traffic will either need to go through the firewall or route around it.

woody_ · Answer

Hi Mike,&nbsp;
Here's the layout:&nbsp;
Client ---------&gt; Firewall -------------&gt; F5 External Network/Presentation Zone (VIPs) -----------------&gt; Firewall ---------&gt; F5 Internal Network/Application Zone (pool members). &nbsp;
Since we can't route around the F5 sounds like going through the Internal firewall is required. &nbsp;

stephanmanthey · Answer

Hi Woody,  
traffic forwarded by a virtual server to pool members should show up in the pool member statistics.  
For non locally attached pool members you have probably a route pointing to the internal firewalls, right?  
Do the pool member statistics for the pool_owa show "In" packets but no "Out" packets?   
This would be an indicator for asymmetric traffic flow which could be avoided by applying SNAT to the virtual server. It will force all responses back to the BIG-IP and the BIG-IP will return the responses exactly the same way where the requests came in (aka F5 AutoLastHop feature).  
Thanks, Stephan

woody_ · Answer

Hi Stephan,

the pool members show no stats for either incoming or outgoing traffic.

nikhilb · Answer

In an example set up such as this, we have added the VS on the internal F5 as a pool member on the external F5. This way traffic that hits the external VS, gets 'forwarded' to the internal VS and then LB-ed to the respective servers. You will need to ensure snat automap is on to route back to the external F5. Hope this helps.

Forum Discussion

Pool connectivity from the internal network

7 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Create isolated environment for internal and external networks

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

'What is Multi-Cloud Networking' Next Time on DevCentral Connects

2 internal server vlans

F5 Network Map to Json with Python