Forum Discussion

Nimbostratus

Jul 31, 2012

Do I need iRule and SNAT?

I'm very new to the F5's and the iRules especially. The iRules seem to be a very powerful tool, I'm amazed at what I'm finding out about using them. I'm a tad confused on how I can use them in my envi...

config

design

Michael_Yates

Nimbostratus

Jul 31, 2012

Hi wixxyl,

If the Juniper Firewall is serving as the Gateway for the subnets then you will need to SNAT. By default, any subnet NOT owned by the BIG-IP will require you to SNAT. This is so that the traffic will return to the BIG-IP and be re-routed back to the originator.

Without SNAT you would be looking at a broken route.

You should be able to enable SNAT on the Virtual Server and not need it in an iRule.

You can Enable SNAT in an iRule but this is mostly used when a portion of your traffic is going to a different network (there are other scenario's, but I will stick to the topic. I am sure you will discover the other situations in the future).

Hope this helps.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Do I need iRule and SNAT?

Recent Discussions

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

F5 Switches in 'Changes Pending' Status

Related Content

SNAT statistics and iRule for selecting SNAT IP

SNAT Pool Subent entry

SNAT question

"Port lockdown" option for SNAT pool addresses?

Selective SNAT problem

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS