Forum Discussion

Nimbostratus

Feb 12, 2013

F5 LTM off path design (with SNAT) and client IP logging

Hi Experts I have one deployment for F5 LTM 6900. We want to load balance below applications on different servers. Exchange (OWA, MAPI, RPC OVER HTTP, OUTLOOK ANY WHERE) VDI (VIRTUAL DESK...

config

design

pete_71470

Cirrostratus

Feb 13, 2013

I'm afraid the iRule won't help you in that way. The rule simply documents the connection so that later, say for forensics or connection troubleshooting, you need to correlate the connecting client's IP with the SNAT used (which would have a corresponding IP and ephemeral port in some log generated by your applications). Since your applications see the source IP as the SNAT you'd have to perform any necessary access control on the F5 (data groups, etc). I like Steve's idea of simplicity but I don't have control over the servers our F5's steer traffic toward.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)