Nov 04, 2022

F5 VIP as syslog destination on network devices

We have all the network devices pointing to the F5 Virtual server and under that server, we have elastic nodes.

In elastic, we see logs but all of them have the source as F5 Self IP, I have marked NAT as none on F5 VIP but still see source IP in elastic as self IP.

Any thoughts, how this can be fixed?

  • What about an attached iRule or Local Traffic policy or some kind of irule/local traffic policy or AFM policy that sends the traffic internally from one virtual server to another that has Auto Map enabled (yes F5 can even do that ) that may use a SNAT object as having global SNAT/NAT on device level is something that I have not seen anyone actually using this stuff in a real client environment but hey maybe Mohamed_Salah_   is right and you by a miracle have this configured on your F5 devices 😀

