lakshmianrayana
Nov 06, 2017

Want to configure two gateways in F5 to access remote users.

We have an HA F5 with LTM, APM and ASM. It serves two customers, A and B. Each customer has its own DMZ and LAN segment VLANs, but for now the default route points to a single gateway. My question: we planned to implement another firewall (gateway) for customer B. How do we enable two gateways on my F5 without making major changes in F5? Customer A's DMZ VLAN IPs are 10.10.10.x, connected to the firewall, and its LAN VLAN IPs are 10.20.30.x, on the server segment switch. Customer B's DMZ VLAN is 10.10.6.x and needs to connect to the new gateway; its LAN VLAN IPs (Node) are 192.168.x.x, connected to the server segment switch.

 

2 Replies

  • The first question would be: is the deployment inline L3, or just a one/two/multi-arm deployment with SNAT? If the latter, then you should just verify that auto last hop is in place, and the services should respond fine without any other configuration changes as long as the new gateway is on the same VIP VLAN as the old one.

    If it's an inline L3 deployment, you would probably have to look into PBR. Another option could be route domains (Cisco VRF), but as you state you are using APM, you should test this first, as not all APM functions perform as well with route domains (a lot of services used by APM rely on the default route domain).

     

  • If you have different customers on one box (one cluster), shouldn't you already use Route maps? Then you wouldn't have your current issue.

    I'm not aware of APM-related stuff except the basics, so I don't know if there are restrictions towards Route Domains.