Best way to send client ip info to windows ADS domain controllers.

Question

I've got several vips with ADS domain controllers underneath them.  They aren't using HTTP traffic, so X-Insert-For doesn't work for them.  I implemented the below irule, but for some reason it only worked in their dev and qa environment, but not in their prod.  What I would like to know if the below irule is good, or if there's a better irule or method to getting them the client ips.  They can't turn off snat and use the F5 as their default gateway, so that's out.
when CLIENT_ACCEPTED {
set hsl { HSL::open -proto TCP -pool  }
HSL::send $hsl "Client's ip address is [IP::client_addr]:[TCP::client_port].
"
}

I've applied this to irule to four ports of 3268, 3269, 636 and 389.

stanislas_piro2 · Answer

Hi,&nbsp;
Your irule send a tcp syslog packet!&nbsp;
It may not work except if the pool member is syslog!&nbsp;
If you want ADS (AD?) to have the client ip,f5 must be the default gateway and disable snat &nbsp;

Forum Discussion

Best way to send client ip info to windows ADS domain controllers.

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

JWT authorization with NGINX Ingress Controller

Windows edge client - Trusted Sites

Distributed caching of authentication requests with NGINX Ingress Controller

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

API Security: How to implement API Access Control with F5