Explicit proxy and snat-pools
Hi,
We are setting up an explicit proxy for some testing. What we have so far is pretty much the same as this article:
Explicit proxy example
Under the "Create a wildcard virtual server"-section you create a listener for the tunnel-interface. In the example they used automap, but we changed this to a SNAT-pool to better suit our firewall-rulesets. However, we would like to have one SNAT-pool/listener for traffic that is not in a pre-defined host-name-list, and one SNAT-pool for traffic that is in a "whitelisted" host-name-list. I don't understand quite what this wildcard-listener does, but it clearly is selected after you hit the proxy-ip-vs. So if we have 1.1.1.1:8080 as our proxy-vs, the next thing that happens is that F5 selects the 0.0.0.0:0 wildcard vs that is configured through the http-profile. The documentation doesn't really explain why this wildcard-listener is needed. Is it possible to select a different wildcard-listener with a different SNAT-pool in an iRule?
As far as I can see, I could create a new wildcard-vs with another SNAT-pool and enable it on the tunnel-interface, but I have no clue how to select it.