Hi Ariel,
I would simply use an iRule:
when CLIENT_ACCEPTED {
check client source IP and target IP / target service and forward to honeypot
if {([IP::client_addr] eq "10.131.131.171") && ([IP::local_addr] eq "10.131.131.100") && ([TCP::local_port] eq "22")} {
node 10.131.131.111
}
}
And sorry for answering a bit off-topic.
I do not have AFM ready-to-run. But I assume it has the ability to assign a pool depending on policy match.
The pool would contain the honeypot servers (configured to port "0", so no port translation applied).
Thanks, Stephan