Forum Discussion
nitass
Employee
I can see an SMTP request from the DMZ SMTP server to another server hit the F5 on the DMZ vlan interface by doing a tcpdump. I don't see it exit the box on the other vlan interface that faces the internet firewall.
If the route is there, you should see the egress packet. If you want, you can try a wildcard performance layer 4 virtual server (instead of a wildcard IP forwarding virtual server) and use the gateway (192.168.120.254%1:any) as a pool.
When you did not see the packet go out, did you see a reset? If yes, you may try to log the reset cause.
sol13223: Configuring the BIG-IP system to log TCP RST packets
https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13223.html
flicky2000_1616
Jun 05, 2015
Nimbostratus
For some reason it won't let me post the tcpdump output to DevCentral - keeps saying it's spam!
Needless to say it's just SYN packets.
Running the same trace on the internet firewall facing vlan - I see nothing.
One thing to note but I don't think it matters - this is a cluster. Traffic groups with floating live traffic on rd0 are on the active box. This testing is being done on the standby box (but standby would only mean for floating traffic groups?). The default gateway for the DMZ FTP server is the non-floating self IP on the standby box. In fact there are no floating objects yet associated with rd1. NB. out of working hours I have also failed the floating traffic groups for the live traffic on rd0 over so the standby says Active. Just to see if that made any difference (I didn't think it would) - it didn't.