For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Don_Givens_2232's avatar
Don_Givens_2232
Icon for Nimbostratus rankNimbostratus
Nov 20, 2008

external IP for member of a pool?

I think I already know the answer to this question but:     My boss wants me to configure this if possible. We have a virtual server set up to loadbalance to 3 internal webservers. He want...
config
design
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
Nov 20, 2008
You will have to SNAT if you do this. Since the external host doesn't use LTM as it's default gateway, if you don't SNAT (meaning LTM preserves the client's source IP), the connection will make it to the external server but then be sent directly back to the client. The client will drop the packet because it made a connection to the virtual server, not the external host. By using SNAT you ensure that the external host sends the connection back to LTM before it goes back to the client.

 

 

The caveat with using SNAT is that you lose visibility to the original client's source IP in your server logs unless you add an X-Forwarded-For header or some other custom method of logging the original client IP. Some people care about this and some don't.

 

 

Denny