Forum Discussion

zack_254145's avatar
zack_254145
Icon for Nimbostratus rankNimbostratus
Mar 22, 2017

AFM Destination PAT question

Hello Team,

 

I have a LTM + AFM and now want to do destination PAT. For example, I have a group of servers behind AFM and I want to admin them via a same external IP but different ports, for example

 

client ----> AFM ip: 1130 ----> real server1: 443

 

client ----> AFM ip: 1131 ----> real server2: 443

 

client ----> AFM ip: 1132 ----> real server3: 443

 

I've played around AFM NAT Policy but I don't see a method to do this. In destination NAT, we can create ip + port pair, but when using it by creating an AFM rule, this is no way to set port number for the IP on AFM. Generally my needs is to change the AFM external ip and port to the real server's ip and port 443. Is that possible? I know we can do that by creating a virtual server, or just using an irule, but it's supposed to be a very common feature on firewall, so I am suspecting sth missed on my side.

 

Any ideas would be appreciated!