For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_Phillips's avatar
Chris_Phillips
Icon for Nimbostratus rankNimbostratus
Mar 10, 2006

applying snat based on route out of local network

Howdy,     Our LTM's sit between our client networks and our server networks, switching all data on a vlan group to gain full visibility of all traffic. this is not an exact split though, and ob...
application delivery
dev
devops
iRules
Chris_Phillips's avatar
Chris_Phillips
Icon for Nimbostratus rankNimbostratus
Mar 11, 2006
A bit more work and it's a bit better and more efficient (I think)
  when LB_SELECTED {
     server_networks is a data group / class defined elsewhere
     start with zero score
    set snat_score 0
     increase score if client is on server network
    if {[matchclass [IP::client_addr] equals $::server_networks]} {
      incr snat_score 
    }
    
     increase score if server is on server network
    if {[matchclass [LB::server addr] equals $::server_networks]} {
      incr snat_score 
    }
   
     if score is not 1 then client and server are on
     same side of LTM, so SNAT is required
    if { $snat_score != 1 } {
      snatpool my_snatpool
    }
  }
Of course if i'm missing something really fundamental here about the need to SNAT then i'd appreciate advice!