Identify original client ip address for a VIP with only TCP profile

Question

Without disabling SNAT/ Automap,The pool member needs to know the original client address. How can we achieve it? Is there any policy we can apply on the VIP&nbsp;

jayson27 · Answer

Hi,&nbsp;You can use x-forwarded-for option on http profile.&nbsp;Reference:Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT object (f5.com)

inquisitivemai · Answer

This vip does not have HTTP profile, can we do something with just tcp profile&nbsp;

boneyard · Answer

Is asked more often, haven't seen anyone post a working solution for years, see for example:
how to insert client IP address in tcp profile for FTP connections | DevCentral
&nbsp;
There might be a chance by playing with the TCP::options, but that is pretty difficult and requires you to some how retrieve that information on the server side: Accessing TCP Options from iRules | DevCentral
&nbsp;
I would accept it isn't possible.

mayur_sutare · Answer

Configuring the F5 to insert into the TCP header of a connection can be a complicated implementation. So better way is to change the configuration where you can easily achieve the requirement.&nbsp;
&nbsp;

Have HTTP profile configured and enable XFF
Disable SNAT on the vServer and set gateways of backend servers to F5.

&nbsp;
Hope it helps!

Forum Discussion

Identify original client ip address for a VIP with only TCP profile

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

Can't identify cookie

Adaptive Apps: Identify underlying issues in a complex app portfolio - Demo Kit

Unique Identifier for irules Http response

CSV to Address External Datagroup File

Change original source IP to random in ASM logs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS