Forum Discussion
Pedro_Haoa
Jun 01, 2017 (Ret. Employee)
Hi,
Remember that there are multiple types of listeners, so the order of precedence is as follows:
- Connection table
- Packet filters
- Destination “listener” (i.e. Virtual Server)
  - IP : port
  - IP : * (all ports)
  - NW : port
  - NW : *
  - * : port
  - * : * (wildcard virtual server)
- Source “listener” (SNATs not in VS)
  - Single IP
  - Network
  - All Addresses
- NATs
So first the BIG-IP system checks whether there's an entry in the connection table. By default, PFs don't affect existing connections, but they can be changed to filter existing connections. Next we have the destination listeners or VSs, and then our source listeners (SNATs). Both destination and source listeners can be configured to be more or less specific. Finally, we process NATs.
I hope this helps.
Pedro
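
The precedence order described in the post above, modelled as a small Python resolver. This is an added example, not part of the original post and not F5 code. All object names and addresses are constructed. It assumes only the three specificity levels listed in the post (ties between two networks are not modelled), and the NAT lookup is a simplified set membership check.

```python
import ipaddress

# Constructed sample objects (names and addresses are made up for this example).
VIRTUALS = [("vs_wild", "0.0.0.0/0", "*"), ("vs_any_443", "0.0.0.0/0", 443),
            ("vs_net_all", "10.1.0.0/16", "*"), ("vs_net_443", "10.1.0.0/16", 443),
            ("vs_host_all", "10.1.1.10/32", "*"), ("vs_host_443", "10.1.1.10/32", 443)]
SNATS = [("snat_all", "0.0.0.0/0"), ("snat_net", "172.16.0.0/12"),
         ("snat_host", "172.16.5.5/32")]

def specificity(cidr):
    """0 = single IP, 1 = network, 2 = all addresses."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen == net.max_prefixlen:
        return 0
    return 1 if net.prefixlen > 0 else 2

def pick_virtual(dst, port, virtuals):
    """Destination listener order: IP:port, IP:*, NW:port, NW:*, *:port, *:*."""
    ip = ipaddress.ip_address(dst)
    hits = [(2 * specificity(d) + (p == "*"), name) for name, d, p in virtuals
            if ip in ipaddress.ip_network(d) and p in ("*", port)]
    return min(hits)[1] if hits else None

def pick_snat(src, snats):
    """Source listener order: single IP, then network, then all addresses."""
    ip = ipaddress.ip_address(src)
    hits = [(specificity(o), name) for name, o in snats
            if ip in ipaddress.ip_network(o)]
    return min(hits)[1] if hits else None

def classify(pkt, conns, filter_drops, virtuals, snats, nats):
    """Walk the listener types in the post's order; return (stage, object)."""
    if (pkt["src"], pkt["dst"], pkt["port"]) in conns:
        return ("connection table", None)
    if filter_drops(pkt):                      # packet filters apply to new flows
        return ("packet filter", "drop")
    vs = pick_virtual(pkt["dst"], pkt["port"], virtuals)
    if vs:
        return ("virtual server", vs)
    snat = pick_snat(pkt["src"], snats)
    if snat:
        return ("snat", snat)
    if pkt["src"] in nats or pkt["dst"] in nats:   # simplified NAT lookup (assumption)
        return ("nat", None)
    return ("no listener", None)
```

When auditing a configuration, the useful thing to notice is that a `* : *` virtual server matches every new flow that passes the packet filters, so SNAT and NAT objects are only reached when no wildcard virtual server exists.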