Forum Discussion

The_Nirvana's avatar
The_Nirvana
Icon for Altocumulus rankAltocumulus
Jun 03, 2024

How can developers manage nodes having F5 as gateway?

Hello Team,

 

I have a Big IP F5 with AWAF module (version 17.1.1.1) whose floating IP address is configured as the gateway IP for all the nodes. I have created a standard virtual server to host HTTPs services with SSL bridging and AWAF policies. However, our web developers need to administer the content of the web servers via SSH and RDP.

 

Can you advise what is the best way to provide management access to the several nodes?

 

When attempting to SSH or RDP, the nodes are forwarding the response to the BIG IP which in turn is not forwarding the response to the edge firewall. Can you advise if a forwarding L2 or L3 virtual server can be useful in this scenario and how it can be used?

  • Hello all,

    This issue was solved by creating a Forwarding (IP) virtual server which allows all clients to reach all hosts on all ports on the BIG IP.

  • dual homed servers an option? so with a second nic in a management network.

    • The_Nirvana's avatar
      The_Nirvana
      Icon for Altocumulus rankAltocumulus

      Hello all,

      This issue was solved by creating a Forwarding (IP) virtual server which allows all clients to reach all hosts on all ports on the BIG IP.

    • The_Nirvana's avatar
      The_Nirvana
      Icon for Altocumulus rankAltocumulus

      We attempted this and found that eventually, a large number of VIPS needs to be created. It is not very practical when the number of nodes are large. In addition, our developers get confused when dealing with different IP addresses for different purposes, as this is not really their field of work.

       

      Any other ideas?