Forum Discussion
F5 SMTP Fast Template - SNAT Not working as expected
- Oct 06, 2023
Franky-frank-reg7 That is true but to simplify the configuration so that you reduce the man hours you might/will spend in the future troubleshoot a non-standard deployment of the F5 you should deploy it as option 1
The traffic is definitely making it through the VIP, we configured the template with the domain name "mycompanytest.com", and it's exaclty what appears in the output of the SMTP logs on the server.
Franky-frank-reg7 What does the virtual server and any associated configuration look like? Do you see SNAT enabled on the virtual server?
- Franky-frank-reg7Sep 25, 2023Altocumulus
It's a very straight forward configuration. There is no SNAT configured, no SSL profiles (Client/Server), or VLAN filters. Please see the snip below:
We just re-tested and it appears it may have been correct, the traffic we saw on the servers were the healthy monitors. The thing I can't describe is why traffic isn't making through the VS, exchange and other applications we deployed with FAST templates are working. Just not SMTP at the moment.
- PauliusSep 25, 2023MVP
Franky-frank-reg7 I recommend using tcpdump to see if you can catch anything as it comes in.
tcpdump -nni 0.0:nnp host 10.10.200.200 and port 25 -w /shared/tmp/smtp_tshoot.pcap
With this you should be able to see if traffic is making it to the F5 and if it's being handled by an incorrect virtual server it would show that information as an additional tag labeled F5 I believe.
- Franky-frank-reg7Sep 28, 2023Altocumulus
Paulius Traffic is indeed making it through the VS. If you review the post below the server on IP 10.10.221.50 is a regular server sending SMTP traffic to the VS on IP: 10.20.225.228 and it utimately hits the backend pool member on IP 10.20.225.150 shown in the wireshark capture below.
What we're unable to describe is why traffic is not being processed on the exchange server (10.20.225.150) as mail traffic. It's almost as if the F5 is formatting the packet, even though there's no SNAT, TLS termination, or any other settings accept the TCP profiles configured in the template.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com