Forum Discussion
pete_71470
Feb 13, 2013Cirrostratus
I'm afraid the iRule won't help you in that way. The rule simply documents the connection so that later, say for forensics or connection troubleshooting, you need to correlate the connecting client's IP with the SNAT used (which would have a corresponding IP and ephemeral port in some log generated by your applications). Since your applications see the source IP as the SNAT you'd have to perform any necessary access control on the F5 (data groups, etc). I like Steve's idea of simplicity but I don't have control over the servers our F5's steer traffic toward.