Forum Discussion

mpete32_168869
Jan 07, 2015

Difference between Floating and Self IPs

When configuring firewall rules to allow clustered DMZ F5s to communicate with backend pool members, do I need to enter the Self IPs of both LTMs AND the floating IP, or just the Self IPs? My understanding is that the floating IP is strictly for clustering and heartbeat connectivity between the two F5 boxes in a traffic group.

 

  • nathe

    The non-floating self IPs on both BIG-IPs will need access to the backend pool members for health monitoring.

     

    The floating self IPs, if configured and using SNAT Automap, for example, will be used for application traffic so may also need firewall rules in place. So floating self IPs can be used for servers' default gateways in an inline setup and/or the source address of incoming client traffic if the servers' default gateway is not the BIG-IPs.

     

    Hope this helps,

     

    N

     

  • Possibly. If you are using SNAT automap on the LTM, then you will need to configure the floating IP address in your admission rule because all traffic will originate from it. If you configure an explicit SNAT IP or pool, those will require admission also. If you are not using SNAT, then you should only require the Self IPs to allow for monitoring, but would also need to permit all client traffic from the internet as well, since the F5 will not change the source IP of the packet without SNAT enabled.
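
The two replies above can be turned into a least-privilege check of the firewall rule set. The following is an added example, not part of the original thread and not F5 code: it derives the source addresses that need admission toward the pool members for each SNAT mode and compares them with an existing allow list. All addresses, names and the `snat_mode` values are constructed assumptions.

```python
import ipaddress

# Constructed sample addresses for one HA pair's internal VLAN (assumptions).
UNIT_SELF_IPS = ["10.1.20.241", "10.1.20.242"]   # non-floating, one per BIG-IP
FLOATING_SELF_IP = "10.1.20.240"                 # shared by the traffic group
FIREWALL_ALLOWED = ["10.1.20.241", "10.1.20.242", "10.1.20.250"]


def required_sources(unit_ips, floating_ip, snat_mode, snat_pool=()):
    """Map each source the firewall must admit toward pool members to its reason."""
    need = {ipaddress.ip_network(ip): "health monitors" for ip in unit_ips}
    if snat_mode == "automap":
        if floating_ip:  # "if configured", per the first reply
            need[ipaddress.ip_network(floating_ip)] = "application traffic (SNAT Automap)"
    elif snat_mode == "pool":
        for ip in snat_pool:
            need[ipaddress.ip_network(ip)] = "application traffic (explicit SNAT)"
    elif snat_mode == "none":
        # Without SNAT the original client source address reaches the servers.
        need[ipaddress.ip_network("0.0.0.0/0")] = "client traffic (source unchanged)"
    else:
        raise ValueError(f"unknown snat_mode: {snat_mode!r}")
    return need


def audit(allowed, need):
    """Return (missing, unneeded) source networks as strings."""
    allowed = [ipaddress.ip_network(a) for a in allowed]
    # Missing: a required source that no allow entry covers.
    missing = [str(n) for n in need if not any(n.subnet_of(a) for a in allowed)]
    # Unneeded: an allow entry that neither covers nor lies inside a required source.
    unneeded = [str(a) for a in allowed
                if not any(n.subnet_of(a) or a.subnet_of(n) for n in need)]
    return missing, unneeded


if __name__ == "__main__":
    for mode, pool in (("automap", ()), ("pool", ["10.1.20.245"]), ("none", ())):
        need = required_sources(UNIT_SELF_IPS, FLOATING_SELF_IP, mode, pool)
        missing, unneeded = audit(FIREWALL_ALLOWED, need)
        print(f"{mode:8} missing={missing} unneeded={unneeded}")
```

With the sample allow list, the Automap case reports the floating self IP as missing and the stray `10.1.20.250` entry as unneeded.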