For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eric_Sanchez_27's avatar
Eric_Sanchez_27
Icon for Nimbostratus rankNimbostratus
Apr 04, 2010

Clarification of SelectiveSnat/iRule SNAT. Need help.

Im trying to understand what the difference is between using SNAT AUTOMAP and what I call an iRule SNAT. This is what I am attempting to accomplish: If I have two different VS (that need to talk to ...
config
design
Nit_67494's avatar
Nit_67494
Icon for Nimbostratus rankNimbostratus
Dec 10, 2010
Hi Bhattman,

 

I have 2 F5 at DMZ as (active - passive) and I have F5 at internal zone also. If I configure VS at the Internal F5, and the pool members are inside my internal serverfarm, without automap and all my clients (users) can access to the VS. But if I configure the VS at DMZ-F5, I need to use automap in order to my clients to access the VS? what will it possible the cause? is it because my F5 has 2 self IP (active-passive)? so when the packet going back from my server to client don't know the symmetric traffic path?

 

 

Another questions, if the server need to be accessed by internet users, I should configure the VS at DMZ F5, but what is the better approach, should I configure the pool member is the internal F5 IP or directly my server IP Address? if I put the internal F5 IP then there is additional hop.

 

 

Thanks