Showing results for 
Search instead for 
Did you mean: 

SSL VPN and the F5 GTM

Occasional Contributor

SSL VPN and the F5 GTM

Hello all

Forgive me if this question has been answered, I did look but couldn't find anything specifically what I'm after. I'm hoping it will actually be quite simple.


I am embarking on an adventure to design a remote access solution based on the Juniper SA series (MAG, SSL VPN etc.).  The customer has expressed a desire to load balance incoming requests to both data centres using the F5 GTM product.


I have experience with GTMs but to date it has been entirely GTM <-> LTM communications, no 3rd party. My thinking here is to:


1. Create two  'Server' objects on the GTM as a 'Generic Host' and specify the IP address of each of the external IP addresses of the Juniper MAGs, respectively.

2. Staying within the Server configuration I define the 'Virtual Server' or vIP of each device. These too will also be the external IP address of the MAGs

3. With these constructs now in place I can create two 'Pools' into which I add each Virtual Server.

4. Then define a Wide IP to respond to the DNS requests and assign both pools.


The GTM will then return the vIPs of each MAG.


I've rushed through that explanation but is anyone able to validate that the above will do the trick or is there a smarter way to achieve my goals?

Many thanks for your advice. I am new to Juniper so please bear with me through some seriously silly questions.

Frequent Contributor

Re: SSL VPN and the F5 GTM

I am doing something slightly different with my GTM for my QA SA clusters (I have a primary and a backup scenario rather than active/active)


But for what you are trying to do, I think you are on the right track. The one thing you will want to keep an eye on if going active/active is persistence. If your customer uses network connect, make sure you dont end up in a scenario where the initial client connection is load balanced to datacenter 1, and when the NC client comes up, it attemps to connect to datacenter 2 VIP

Occasional Contributor

Re: SSL VPN and the F5 GTM

Thanks -red-


That's some good advice right there. Certainly early lab testing have gone well. Regarding the Network Connect aspect that hasn't even been thought about yet but now you've mentioned it I'll bookmark it.


Any others for any more advice?