William_Housen_
Nimbostratus
Nov 16, 2011
Basic design question using firewalls and LTMs
Hello all. For the longest time the environment I inherited had their web-facing servers and so on sitting on the same internal trusted subnets as everything else. What I would like to do is ...
nathe
Cirrocumulus
Nov 16, 2011
William
f5 have catered for this scenario with SNAT. See definition from PDF guide below. Basically it means the source IP is changed to be the f5 so return traffic always goes via the f5.
"A secure network address translation (SNAT) is a BIG-IP® Local Traffic Manager™ feature that translates the source IP address within a connection to a BIG-IP system IP address that you define. The destination node then uses that new source address as its destination address when responding to the request.
For inbound connections, that is, connections initiated by a client node, SNATs ensure that server nodes always send responses back through the BIG-IP system, when the server’s default route would not normally do so. Because a SNAT causes the server to send the response back through the BIG-IP system, the client sees that the response came from the address to which the client sent the request, and consequently accepts the response."
Hope this helps.
Rgds
N
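
The return-path behaviour described in the reply above, as an added example that is not part of the original thread and is not F5 code: a small Python model of one inbound connection, with and without SNAT. All addresses and names are constructed, and it assumes the server's default gateway is a firewall rather than the BIG-IP.

```python
# Added illustration: model of one inbound connection through a load balancer.
# All addresses are constructed (RFC 5737 / RFC 1918 ranges).
from ipaddress import ip_address, ip_network

CLIENT = "198.51.100.7"    # external client
VIP = "203.0.113.10"       # virtual server address the client connects to
SELF_IP = "10.1.20.5"      # load balancer address on the server VLAN (SNAT address)
SERVER = "10.1.20.50"      # pool member
SERVER_VLAN = ip_network("10.1.20.0/24")
DEFAULT_GW = "firewall"    # assumption: server's default route is NOT the load balancer


def server_next_hop(dst):
    """Server routing: on-link destinations go direct, everything else to the default gateway."""
    return "load_balancer" if ip_address(dst) in SERVER_VLAN else DEFAULT_GW


def simulate(snat):
    """Follow one request/response pair and return what each side observes."""
    # Inbound: client -> VIP. The destination is always rewritten to the pool
    # member; with SNAT the source is also rewritten to the load balancer's address.
    src_at_server = SELF_IP if snat else CLIENT
    conn_table = {(src_at_server, SERVER): (CLIENT, VIP)}  # load balancer state

    # Return: the server answers whatever source address it saw.
    reply_src, reply_dst = SERVER, src_at_server
    hop = server_next_hop(reply_dst)

    if hop == "load_balancer":
        # Reply re-enters the load balancer, which reverses both translations.
        orig_client, orig_vip = conn_table[(reply_dst, reply_src)]
        reply_src, reply_dst = orig_vip, orig_client
    # Otherwise the reply leaves via the firewall untranslated, sourced from SERVER.

    # The client only accepts a reply from the address it sent the request to.
    return {"server_sees": src_at_server, "return_path": hop,
            "reply_src": reply_src, "accepted": reply_src == VIP}


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "no SNAT", simulate(snat))
```

The `server_sees` field shows the trade-off: with SNAT the server sees the load balancer's address rather than the client's, so server-side logs and IP-based access rules no longer reflect the real client unless that address is passed another way (for HTTP, commonly an X-Forwarded-For header).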