Forum Discussion

Scott_Hopkins's avatar
Scott_Hopkins
Icon for Nimbostratus rankNimbostratus
Feb 08, 2016

Confirmation of Precedence for SNAT vs WC VS

It looks like we're gong to have to deploy a wildcard VS with an irule to perform selective SNATs for a couple of applications. Since we have many other applications already deployed that could be c...
application delivery
iRules
MichaelatF5's avatar
MichaelatF5
Icon for Employee rankEmployee
Feb 08, 2016

A good rule of thumb, is Most Specific First.

 

To be specific about it:

 

  1. Existing Connections
  2. Packet Filter
  3. Virtual Server
  4. SNAT
  5. NAT
  6. SELF-IP
  7. DROP

However, if you have a wildcard VS that is LESS specific than your SNAT entry, then SNAT will win. If you have existing VS that are configured specifically for application traffic (Source, Destination, Protocol, Port, etc) that will win over a WC Virtual Server with NO PORT, NO DESTINATION, NO SUBNET, etc.