Symantec Mail Gateway load balancing through F5 LTM and Protocol Security bind for SMTP
I am trying to load balance Symantec email gateways behind LTM. I have tried using SNAT automap, and without SNAT it still does not work. When I change the gateway on the SMG servers to the self IP, they become untraceable from the F5. The VIP and servers are in the same subnet. Does anybody have an idea from a similar deployment? It seems like I need to pass the source IP of the client to the SMG servers; however, that is not happening, though it's the default behavior with no SNAT. Please suggest what we can try...
Client ----> Internet ----> ASA Firewall ----> Router ----> Checkpoint ----> DMZ ----> F5 ----> SMG1, SMG2
Here are the configuration details for the above traffic flow:
Scenario 1:
VIP = 172.10.1.100, SMG1 = 172.10.1.150, SMG2 = 172.10.1.200, Self IP = 172.10.1.120, SNAT Automap enabled
Getting an error on SMG that the source IP is not available (the source IP seen on SMG in this case is 172.10.1.120).
==================================
What is the recommended or best practice for this deployment?
Scenario 2:
Same as above, just removed SNAT from the VIP, from the pool, and from both as well; still no reply, and I see traffic being reset by the VIP.
==================================
Scenario 3:
Combined with Scenario 2, also added a default gateway on the SMG servers pointing to the self IP on the F5. No luck; now even the service does not show up and I can't telnet to the server on port 25.