How can I inspect the payload on a UDP forwarding server?

Yes. Change the Virtual Server type to Standard. Since you are performing forwarding, assign no pool, and ensure that "Translate Address" and "Translate Port" are disabled/unchecked.

As you say, you can inspect payload only when operating as a full-proxy. FastL4 disabled that.

Do keep in mind that you can still inspect L3 and L4 attributes for the flow, most particularly the IP addresses and ports, even with a FastL4 profile.

Yes. Change the Virtual Server type to Standard. Since you are performing forwarding, assign no pool, and ensure that "Translate Address" and "Translate Port" are disabled/unchecked.

As you say, you can inspect payload only when operating as a full-proxy. FastL4 disabled that.

Do keep in mind that you can still inspect L3 and L4 attributes for the flow, most particularly the IP addresses and ports, even with a FastL4 profile.

So I spoke too soon, I had limited functionality in the irule and upon expanding it to what I really need it to do, I'm running into a Tcl error. My persistence table uses the MAC address plus the NAS IP as the key (I have multiple VIPs involved and need to use a composite key to uniquely identify client/VIP combinations). This is the irule so far:

when RULE_INIT {
   set static::SNAT_debug 1
   set static::DefaultSNATPool "SNATPOOL_base-vip"
}

when CLIENT_ACCEPTED { 
    Get the MAC address from the packet
   if { not ([RADIUS::avp 31 "string"] equals "" ) } {
       Remove the punctuation from the mac address
      set mac [string map {":" ""} [RADIUS::avp 31 "string"]]

       Also get the NAS IP
      set nas_ip [RADIUS::avp 4 ip4]

       Concatenate them together for the key in the persistence table
      set mac_up "[string toupper $mac]:$nas_ip"
      if { $static::SNAT_debug } { log local0. "mac_up is $mac_up" }

       Look up the mac address in the persistence table.  We need the pool it came in on
      set persistInfo [persist lookup uie $mac_up]
      set persistFields [split $persistInfo " "]
      set requestedPool [lindex $persistFields 0]

       Assume the default pool if we did not find a persistence record for this key
      if { $requestedPool eq "" } {
         if { $static::SNAT_debug } { log local0. "mac address $mac_up not found in persistence table!" }
         set mySNATPool $static::DefaultSNATPool
      } else {
          We found a persistence record
         if { $static::SNAT_debug } { log local0. "requestedPool is $requestedPool" }

          look up the associated snatpool for the pool from the persistence record
         set mySNATPool [class lookup $requestedPool PoolMap]
         if { $static::SNAT_debug } { log local0. "mySNATPool is $mySNATPool" }

          If for whatever reason we still do not have a default snat pool, assume the base
         if { $mySNATPool eq "" } {
            set mySNATPool $static::DefaultSNATPool
         }
      }
   }

   if { $static::SNAT_debug } { log local0. "***mySNATPool is $mySNATPool" }

    set the correct snatpool
   snatpool $mySNATPool
}

When I execute this rule on the VS with no pool assigned, I get the following errors:

01220001:3: TCL error: /Common/SNATfor1700 - Prerequisite operation not in progress (line 1) (line 1) invoked from within "persist lookup uie $mac_up"

I verified the persistence record exists for the key I am looking for. What could be triggering that Tcl error?

Thanks, Jen

Quite possibly: SOL14411: The persist iRule command may generate an error and terminate iRule execution.

Quite possibly: SOL14411: The persist iRule command may generate an error and terminate iRule execution.