Forum Discussion

Nimbostratus

Feb 12, 2013

F5 LTM off path design (with SNAT) and client IP logging

Hi Experts I have one deployment for F5 LTM 6900. We want to load balance below applications on different servers. Exchange (OWA, MAPI, RPC OVER HTTP, OUTLOOK ANY WHERE) VDI (VIRTUAL DESK...

config

design

pete_71470

Cirrostratus

Feb 13, 2013

I'm afraid the iRule won't help you in that way. The rule simply documents the connection so that later, say for forensics or connection troubleshooting, you need to correlate the connecting client's IP with the SNAT used (which would have a corresponding IP and ephemeral port in some log generated by your applications). Since your applications see the source IP as the SNAT you'd have to perform any necessary access control on the F5 (data groups, etc). I like Steve's idea of simplicity but I don't have control over the servers our F5's steer traffic toward.

Forum Discussion

F5 LTM off path design (with SNAT) and client IP logging

Recent Discussions

Deploying F5 WAF in front of Azure Web App Services

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

Related Content

F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Options

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

ASM logs

ASM LOGS

request logging profile want to log client certificate details