F5 LTM SNAT

Question

Internet --- FW ---42.x.x.x =nat= 10.10.1.1/24 --- F5 --- SPAM Filters (10.10.2.4/24, 10.10.2.5)&nbsp;
I have&nbsp;
Internet incoming SMTP traffic going to 42.x.x.x NAT to F5 VS IP 10.10.1.1/24.F5 then load-balance traffic to SPAM Filters @ 10.10.2.4/24 and 10.10.2.5/24.SPAM Filters then sends back to the F5 floating IP (as the default gateway).F5 uses SNAT to map 10.10.2.4/24 and 10.10.2.5 to 10.10.1.1/24 to send to Internal Exchange.If email needs to go to Internet, FW wil NAT 10.10.1.1/24 = 42.x.x.x
Is this the recommended approach?&nbsp;
Or&nbsp;
The SPAM filters should be deployed at 10.10.1.x with FW as it's default gateway? I.e., any outgoing email from SPAM filters will be directly from itself rather than F5 VS IP.&nbsp;

cory_50405 · Answer

I would imagine you could set SMTP routes on your spam filter servers (if they are true email proxies). You could set the default route on your spam filters to the firewall, but have an SMTP route in place for the Exchange environment, and route that to the LTM virtual server for load balancing across the Exchange servers. Any email bound for external sources would be routed out of your network by your firewall and wouldn't need any load balancing from LTM.

Forum Discussion

F5 LTM SNAT

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Related Content

The State Of HTTP/2 With F5 LTM

Arabic Blackboard F5 series [LTM Idea] باللغة العربية

F5 HTTPS Redirect 2025

Use F5 LTM as HTTP Proxy

F5 Threat Report - November 26th, 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS