Forum Discussion
Maverick_80689
Sep 11, 2014 Nimbostratus
OK, here are the answers:
- The SNAT pool has only one IP address.
- The LB is the default gateway, and both the client and SNAT addresses are private since we have a firewall in front of the LB.
- The firewall is allowing the complete subnet that includes the client pool members, the LB self IPs and the VIP subnet.
So the outbound traffic without the SNAT pool will have the client as the source IP address, but I don't see that traffic hitting the firewall. But when the SNAT pool is enabled, it goes through to the internet using the firewall PAT IP address. It seems that the LB is dropping traffic initiated from pool members if we don't enable SNAT.