Forum Discussion

Nimbostratus

Aug 17, 2017

Design - SNAT vs. Inline (kind of philosophical)

Hello Devs! Hows everybody doing? I'm new to BIG-IP and I'm currently studying for the 301a exam. I came from the networking world. I'm a big fan of letting routers "route", firewalls "fire...

Cumulonimbus

Aug 17, 2017

Hi,

First, BigIP is not only a load balancer... but also a firewall, a reverse proxy, a SSL VPN gateway, a DNS server, a Web Application Firewall...

Reading K12837, SNAT does not demote PVA in version 11.2.1 and later.

There is not really best practice but configuration without SNAT is better to keep client IP on server side connection.

HTTP connections support X-Forwarded-For header to insert client IP even if SNAT is enabled.

for all other protocols, SNAT may cause some limitations. for example, if you load balance SMTP connection with SNAT, AntiSPAM feature may be limited.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Design - SNAT vs. Inline (kind of philosophical)

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Options

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

GitLab Vulnerability, Secure by Design Pledge, & Near Miss Supply Chain Attack

Mitigating OWASP Web Application Risk: Insecure Design using F5 XC platform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS