Forum Discussion

Nimbostratus

Jan 24, 2019

Send original client IP to DCs

Hi Can someone please tell me how to send source IP in AD requests to back end Domain controllers? We have DCs load balanced on bigip. When a AD request leave the LTM it takes the LTM self IP & hits ...

Cirrocumulus

Jan 24, 2019

You'd be better off asking (Or supplying), what information in an LDAP request can AD log? I'm not an AD expert...

If the AD logs are limited to only having the IP connections srcip in them, then your only option is to NOT SNAT them
If the AD can be convinced to log the address extracted from TCP Option 28 headers, then you can stuff the original IP in option28 and do that. Here's an article from Jason Rham on how to do the BigIP side of it (From back in 2011) Accessing TCP Options
If AD can be convinced to log some other random piece of info in the LDAP query, you could try adding that to the query, on the fly... That's probably not an option for the faint hearted. But it'd be an interesting challenge.

Forum Discussion

Send original client IP to DCs

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Related Content

F5 Distributed Cloud Origin Server Subset Rules

Enhance your Application Security using Client-side signals

iRule based RADIUS Client Stack

Change original source IP to random in ASM logs

LTM Policy don't send to external log server