Forum Discussion
Kevin_Stewart
Nov 22, 2012Employee
The XFF header will show the client's true source, not the SNAT address.
You can certainly provide authorization rules based on data group entries, but as the rules get more complex you'll want to consider relying more on the application.