Load Balancing different interfaces
The way I have it, the BigIP is connected directly to the DMZ interface, and then all proxying goes back through the firewall to hosts on the inside interface. But can the F5 in this particular setup also allow us to load balance inside services as well? I would think so, since it would just load balance the requests between the members in the pool (even if they’re on another physical interface), but I’m not sure. I’m not sure if it needs to be directly connected to the inside for this. Any suggestions or comments? Thanks.
You have the LTM in front of the firewall? My LTMs load balance both internal and DMZ, but all interfaces are behind the firewall. Be careful with your routing, as you can definitely get into trouble. I have no experience with it, but I'd look at route domains to keep DMZ and internal separate. Also be mindful of the problems your firewall can cause. Unless you manage both, it can turn into a lot of finger pointing when there is a problem.
In a perfect world, if I'm load balancing internal and DMZ VIPs, I'd prefer separate LTMs.
Chris