F5-LTM-ROUTING

Question

Hello Experts,&nbsp;
I have one query here and i would like to ask you all&nbsp;
we have implemented F5 in our environment and its working great. we have hosted MAIL servers behind it and everything is working fine, any traffic hits to the mails servers VIP and it will be source natted and traffic will go to the respective servers and gets the response, &nbsp;
Here our exchange admins dont want to change source IPs, they want to see request is coming from which exact source IPs ( for thier troubleshooting purpose )&nbsp;
Is it possible to configure that any traffic goes through the F5 and hits and VIP and do not change the source IP and go to destinations ?&nbsp;
your expert ideas would be appreciated&nbsp;
Thank you so much&nbsp;

ianb · Answer

The reason that you would use source address translation is to cause the response to return via the LTM, and not directly to the client.   &nbsp;
You could disable source address translation if your pool members are configured to route traffic via the LTM, eg, if their default route points to the LTM.&nbsp;
Alternatively, for HTTP traffic only, you could have the LTM insert a X-Forwarded-For header with the client's original IP address. &nbsp;
F5 provides an ISAPI Plug-in, which you can download from the LTM's default page (click on the red f5 ball to get back to it) if you wish the client IP to be written to the IIS logs. See SOL4816 for more information on this.&nbsp;

basavaraj_16797 · Answer

Hi LAN,&nbsp;
Thank you so much for the response&nbsp;
Here in my case, we want clients original ip to be remained for the EXCHANGE traffic alone, when exchange admins capture the traffic they would like to see who are the users sending emails and their original IPs for the troubleshooting purpose&nbsp;

ianb · Answer

If you're not using an iApp, then just create a new http profile with Insert-X-Forwarded-For enabled, and associate that http profile with the virtual server that handles your exchange http/https traffic.

basavaraj_16797 · Answer

Oh we are using iAPP, even if we are using iAPP and if i create http profile with Insert-X-Forwarded-For enabled and once i associate this to MAILservers vip will it work ? when exchange admins capture the traffic will they able to see that who are all sending emails &nbsp;
Thanks again for your quick response&nbsp;

ianb · Answer

If you're using the iApp, then the X-Forwarded-For option should already be turned on.  Make sure you're using the 2010_2013 iApp, not the old 2010 one. If you don't have the latest iApp zip file, you can download it from downloads.f5.com, then go to iApps / Templates / Import to load the template into your LTM.

Also, take a look at Appendix B, in the deployment guide, which explains the steps necessary to install the ISAPI plugin on your IIS server:

https://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf

Forum Discussion

F5-LTM-ROUTING

6 Replies

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

HTTP2 iRule manipulation

Apmd memory and swap grows over time

ASM bd daemon crash while processing request body (SIGSEGV) – anyone seen similar behavior?

F5 APM irule to log the VPN session parameters

DNS topology not distributing as expected

Related Content

How to verify routes in F5 LTM

F5 LTM request logging via different route domain

Configure Path Routing on F5 LTM

providing 2 default routes on the F5 LTM.

Routing outbound smtp traffic through F5 LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS