Forum Discussion
adharkrader
Nimbostratus
Mar 20, 2013
Disabling SNAT on wildcard forwarding VS
I have 3 VLANs on my LTM 11.2 boxes: outside, dmz (where web servers live) and inside (where app servers live). To prevent hairpin issues, I enabled snat auto_map on the dmz & inside VLANs but not ...
nitass
Employee
Mar 20, 2013

> To prevent hairpin issues, I enabled snat auto_map on the dmz & inside VLANs but not on outside (so I can track unique hits, etc).

Is this a typo? I do see snat_automap is enabled on the outside VLAN, isn't it?

> They come in with the firewall's address on the outside VLAN (from the F5 perspective) but the DHCP server replies to the guest interface's address... so no UDP "session" match. When the packets return to the firewall SNATed with the F5's address, it rejects them... that's not who it sent the DHCP request to.

You mean the incoming request is SNAT'ed but the outgoing reply isn't SNAT'ed, don't you? The wildcard-all virtual server with the snat none iRule is enabled on all VLANs, so I am curious how come the incoming request is SNAT'ed. Is there anything I missed?

sol9038: The order of precedence for local traffic object listeners
http://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html