Forum Discussion
How to see the real IP in server- The traffic is from VIP:HTTPS and SNAT is enabled.
I'm assuming most of the requests are coming from real end-users, and not client-servers. Possibly you applied SNAT configuration to make it possible for a few client-servers to access the content.
If that's the case, you can create an iRule to apply SNAT automap only when needed, and not in all use-cases. Typically you only need to apply SNAT when source and destination are in the same network.
Solution with iRule:
when CLIENT_ACCEPTED {
if {[class match [IP::client_addr] equals "data_my_network"]}
snat automap
log local0. "Applied SNAT for IP: [IP::client_addr]"
} else {
do not apply SNAT
return
}
"data_my_network" = address type LTM data-group which contains the network segment where end-servers are located (e.g 192.168.1.0/24). You then need to remove SNAT automap configuration from the virtual server (this has a possible impact and should be done during a scheduled maintenance window).
Other than that, I don't have any solutions for you. If the above is not applicable, you should either create a new network segment to solve the asymetric routing issue, or ask to migrate the SSL termination to F5.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com