Forum Discussion

SH_F5_381212's avatar
SH_F5_381212
Icon for Nimbostratus rankNimbostratus
Jan 29, 2019

APM configuration query

While configuring APM, do we have to have configure self ip for any particular reason or task to perform ? I think for AFM we do, To make sure traffic is allowed on particular vlan which is represented by the self-ip. Please correct me if I am wrong.

 

Thank you, S

 

  • I guess it's plausible that your SSL VPN connects to the same internal network you already had configured; one that already had a self-IP configured. It would then at least seem like you didn't need to set a self-ip, which could be understandably misleading.

     

    I would highly recommend getting a team to do the configuration for you, or at least doing more research on self-ips, in addition to having a chat with your SE. It sounds like you have a currently working environment; any misconfiguration could jeopardize your production environment.

     

  • Regardless of which modules are enabled, self IP's provide a few functions:

     

    1) They tell the BIG-IP which networks it is directly connected to

     

    2) They provide an endpoint for routes

     

    3) They are required for SNAT and monitoring processes to work correctly

     

    I'd go ahead and configure self IP's for any vlans configured, unless I was implementing a solution that I knew didn't need them.

     

  • Nath's avatar
    Nath
    Icon for Cirrostratus rankCirrostratus

    SELFIP is the fundamental components that you need to configure in F5, regardless of which module you are using.

     

  • I guess it's plausible that your SSL VPN connects to the same internal network you already had configured; one that already had a self-IP configured. It would then at least seem like you didn't need to set a self-ip, which could be understandably misleading.

     

    I would highly recommend getting a team to do the configuration for you, or at least doing more research on self-ips, in addition to having a chat with your SE. It sounds like you have a currently working environment; any misconfiguration could jeopardize your production environment.