External to External SNAT

Question

I have a situation where an existing f5 has to subnets attached as external.  In this one case, we need to SNAT between the two external networks.  Is this possible?&nbsp;

ron_demena_1724 · Answer

I am assuming I can, because I know we can SNAT on the same subnet.  Does anyone have an example of how to make this work?

jgranieri · Answer

hello,
my guess would be something like this below that uses data groups to define what the client ip would match in order to be snat'd.   my example below says use snat default would be an ending like snat automap, but the rule below has snat none.
when CLIENT_ACCEPTED {
log local0. "[IP::client_addr]:[TCP::client_port]: New connection to [IP::local_addr]:[TCP::local_port]"
if {[matchclass [IP::client_addr] equals EXTERNAL_SUBNET]}{
   log local0. "[IP::client_addr]:[TCP::client_port]: Matched EXTERNAL SUBNET"
  snat X.X.X.X
 } else {
   log local0. "[IP::client_addr]:[TCP::client_port]: No match, using default snat"
  snat none  
}

}

Forum Discussion

External to External SNAT

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

External Monitor Information and Templates

TACACS+ External Monitor (Python)

CSV to Address External Datagroup File

snmp-check external monitor

External Monitor Templates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS