Forwarding VIP SNAT Rule

Question

Hello&nbsp;
Ok my predicament, we have a DMZ Network sat behind our F5 that we want to Route the traffic via the F5. I have 2 IP forwarding VIP's for TCP and UDP. The first couple of servers we pointed through it worked fine but now subsequent ones will not work. If I check the logs there are constant Inet port exhaustion (proto 17) due to our DNS server being on the internal network that the DMZ servers are trying to route to. At the moment our Forwarding VIP is set to Auto Map which maps to the Self IP, I don't want to do a SNAT pool for the internal as I don't have enough free IP's.&nbsp;
My question is how can I set a rule or NAT to basically say if you come from this Source IP to this Destination IP then NAT to this IP ? I want to give each of my DMZ servers a 1 to 1 NAT but only to the internal network not the external.&nbsp;
Hope that makes sense!&nbsp;

emad · Answer

If you do not want internal ip addresses to NAT then add source based nat rule to you forwarding VIP.
e.g 
when CLIENT_ACCEPTED{ 
if {[IP::addr [IP::client_addr] equals SOURCE_IP]}{
    snat  NAT_IP       
    }
}

Forum Discussion

Forwarding VIP SNAT Rule

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

can you help with getting a BigIP virtual edition serial key

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

Related Content

F5 Distributed Cloud Origin Server Subset Rules

LTM Cipher rule

SNAT pool persistence

SSH forward proxy

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS