Forum Discussion
rafaelbn_305907
Nimbostratus
NimbostratusDesign - SNAT vs. Inline (kind of philosophical)
Hello Devs! Hows everybody doing?
I'm new to BIG-IP and I'm currently studying for the 301a exam. I came from the networking world.
I'm a big fan of letting routers "route", firewalls "fire...
stan_piron
Cumulonimbus
CumulonimbusHi,
First, BigIP is not only a load balancer... but also a firewall, a reverse proxy, a SSL VPN gateway, a DNS server, a Web Application Firewall...
Reading K12837, SNAT does not demote PVA in version 11.2.1 and later.
There is not really best practice but configuration without SNAT is better to keep client IP on server side connection.
HTTP connections support X-Forwarded-For header to insert client IP even if SNAT is enabled.
for all other protocols, SNAT may cause some limitations. for example, if you load balance SMTP connection with SNAT, AntiSPAM feature may be limited.
