Aug 14, 2017

F5 Big-IP - Firewall



The F5 Big-IP load balancer handles several of our different applications. The network team needs to give access to a specific application that is managed by the Big-IP to a locked-down segment of our network, behind a firewall. It is my understanding that the source address of the originating client is not altered by the Big-IP, therefore we should NOT need to include the Big-IP source addresses in our firewall's ACLs. Am I correct in my understanding? Any help would be appreciated.


Thank you,


  • Hello,


    It depends on the configuration of your Virtual Servers, specifically the SNAT feature. If enabled on VSs, the F5 will replace the client IP address with its own IP address. This is a very common configuration (to avoid asymmetric routing).


    So first you will need to check with the Load Balancer team how it is configured. Depending on that, you will know if you need to configure the ACL or not.


    Hope it helps,
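The check described in the reply above, as an added example that is not part of the original thread: it reads virtual server definitions in the style of `tmsh list ltm virtual` output and reports which source address a firewall behind the BIG-IP would see for each one. The virtual server and pool names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the style of `tmsh list ltm virtual` output.
SAMPLE = """\
ltm virtual vs_app1 {
    pool pool_app1
    source-address-translation {
        type automap
    }
}
ltm virtual vs_app2 {
    pool pool_app2
    source-address-translation {
        pool snatpool_app2
        type snat
    }
}
ltm virtual vs_app3 {
    pool pool_app3
}
"""

def snat_by_virtual(config):
    """Map each virtual server name to (snat_type, snat_pool)."""
    result, name, depth, in_sat = {}, None, 0, False
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"ltm virtual (\S+) \{$", line)
        if depth == 0 and header:
            name = header.group(1)
            result[name] = ("none", None)  # no block means no SNAT on this VS
        elif name and depth == 1 and line == "source-address-translation {":
            in_sat = True
        elif in_sat and depth == 2:
            key, _, value = line.partition(" ")
            typ, pool = result[name]
            result[name] = (value if key == "type" else typ,
                            value if key == "pool" else pool)
        depth += line.count("{") - line.count("}")
        in_sat = in_sat and depth >= 2
        name = name if depth else None  # left the virtual server block
    return result

def firewall_source(snat):
    """Source address the firewall in front of the pool members will see."""
    typ, pool = snat
    if typ == "automap":
        return "BIG-IP self IP"
    return f"SNAT pool {pool}" if typ == "snat" else "client IP"
```

This reads only the per-virtual-server setting; SNAT applied through a standalone `ltm snat` object or an iRule is outside what it checks and still needs confirming with the load balancer team.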