Best way to send client ip info to windows ADS domain controllers.

Question

I've got several vips with ADS domain controllers underneath them.  They aren't using HTTP traffic, so X-Insert-For doesn't work for them.  I implemented the below irule, but for some reason it only worked in their dev and qa environment, but not in their prod.  What I would like to know if the below irule is good, or if there's a better irule or method to getting them the client ips.  They can't turn off snat and use the F5 as their default gateway, so that's out.
when CLIENT_ACCEPTED {
set hsl { HSL::open -proto TCP -pool  }
HSL::send $hsl "Client's ip address is [IP::client_addr]:[TCP::client_port].
"
}

I've applied this to irule to four ports of 3268, 3269, 636 and 389.

stanislas_piro2 · Answer

Hi,&nbsp;
Your irule send a tcp syslog packet!&nbsp;
It may not work except if the pool member is syslog!&nbsp;
If you want ADS (AD?) to have the client ip,f5 must be the default gateway and disable snat &nbsp;

Forum Discussion

Best way to send client ip info to windows ADS domain controllers.

Recent Discussions

AS3 Limitations

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Announcing F5 NGINX Ingress Controller v4.0.0

Windows edge client - Trusted Sites

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

Overview of API Access Control and implementing API key access control with BIG-IP APM

API Security: How to implement API Access Control with F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS