Forum Discussion
William_Housen_
Nimbostratus
NimbostratusBasic design question using firewalls and LTMs
Hello all For the longest time the environment I inherited had their web facing servers and so on sitting on the same internal trusted subnets as everything else. What I would like to do is ...
nathe
Cirrocumulus
CirrocumulusWilliam
f5 have catered for this scenario with SNAT. See definition from PDF guide below. Basically it means the source IP is changed to be the f5 so return traffic always goes via the f5.
"A secure network address translation (SNAT) is a BIG-IP® Local Traffic
ManagerTM feature that translates the source IP address within a connection
to a BIG-IP system IP address that you define. The destination node then
uses that new source address as its destination address when responding to
the request.
For inbound connections, that is, connections initiated by a client node,
SNATs ensure that server nodes always send responses back through the
BIG-IP system, when the server’s default route would not normally do so.
Because a SNAT causes the server to send the response back through the
BIG-IP system, the client sees that the response came from the address to
which the client sent the request, and consequently accepts the response."
Hope this helps.
Rgds
N
