F5 Networks F5CAB5 Exam - Topic 1 Question 8 Discussion

Actual exam question for F5 Networks's F5CAB5 exam

Question #: 8
Topic #: 1

A BIG-IP Administrator configured the following virtual server to pass traffic on all addresses and ports. After configuration is completed, the BIG-IP Administrator notices that the virtual server is unable to pass traffic.

Plaintext

ltm virtual forwarding_any_vs {

destination 0.0.0.0:any

ip-forward

mask 255.255.255.255

profiles {

fastL4 {}

}

serverssl-use-sni disabled

source 0.0.0.0/0

translate-address disabled

translate-port disabled

}

Which part of the configuration is the cause of the issue?

AIncorrect translate-address configured

BIncorrect mask 255.255.255.255

CIncorrect destination configured

Show Suggested Answer

Suggested Answer: B

The failure of the Forwarding (IP) virtual server is caused by an incorrect Network Mask configuration for a wildcard destination.

Wildcard Destination: The administrator intends to create a 'Wildcard' Virtual Server that listens for any destination IP address (0.0.0.0).

The Mask Conflict: A mask of 255.255.255.255 (or /32) tells the BIG-IP to look for a specific, single host address. When combined with 0.0.0.0, the system is literally looking for traffic destined for the IP 0.0.0.0, which is not a valid routable destination for standard traffic.

Correct Configuration: To allow the virtual server to catch traffic for any IP address, the mask must be changed to 0.0.0.0 (or /0). This signifies that the system should ignore all bits of the destination address and match everything.

Forwarding Logic: The rest of the configuration---including ip-forward (Forwarding IP type), translate-address disabled, and translate-port disabled---is correct for a BIG-IP acting as a router/gateway.

by Jerry at Apr 04, 2026, 12:38 PM

Limited Time Offer

25%

1 month ago

I remember that using a mask of 255.255.255.255 means it's a host route, which might be too restrictive for passing traffic.

upvoted 0 times

...