LoadMaster routing best practices within two or more networks
When the LoadMaster is deployed within two or more networks, keeping routing correct will make or break the setup. Here are a list of tips and tricks to follow best practices which will ensure the LoadMaster is routing accurately.
The LoadMaster's Web User Interface (WUI) is the central point of administration. If needed, the interface on which the WUI is displayed can be changed. Often, customers set the WUI to a management-specific subnet. This change can be made within the Remote Access page (Certificates & Security > Remote Access). Prior to setting the Allow Web Administrative Access option, ensure to set the Administrative Default Gateway for the subnet which the WUI will be moved to.
Changing the LoadMaster's default gateway to a different interface may be required at some point. Often using the DMZ-facing interface is the best way to configure the LoadMaster. To accomplish this, first - enable alternate gateway support. This can be done in System Configuration > Miscellaneous Options > Network Options.
Once enabled, the appropriate interface can be selected and Use for Default Gateway can be selected. When you select this option, you will automatically be redirected to a page to update the default gateway IP address.
Each Virtual Service can also be configured with its own gateway. This can be set in the Advanced Properties section of the Virtual Service modify screen. That means you can send Virtual Service responses through a gateway specific to each Virtual Service. Ensure that the gateway is within the same subnet as your Virtual Service.
In addition to configuring a gateway for each of the Virtual Services, ensure that responses are sent out on the correct interface. Enabling the Use Default Route Only option will accomplish that. This feature is also located in System Configuration > Miscellaneous Options > Network Options.
Without forcing the use of the Use Default Route Only option, this scenario can result in asymmetrical routing which may affect users on networks directly connected to the LoadMaster, who can access Virtual Services located on a different interface of the LoadMaster (particularly where a stateful firewall is used).
After all of these settings and features have been configured, the LoadMaster should be able to route all traffic appropriately.