For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Maverick_80689's avatar
Maverick_80689
Icon for Nimbostratus rankNimbostratus
Sep 10, 2014

Internet access doesnt work with LB as gateway and snat disabled but if we use a snatpool it works. Does anybody know why?

Internet access doesnt work with LB as gateway and snat disabled but if we use a snatpool it works. I am not sure what will be the source addr of outbound internet traffic when it passes through our ...
design
Maverick_80689's avatar
Maverick_80689
Icon for Nimbostratus rankNimbostratus
Sep 11, 2014

Ok here are the answers:

 

  1. Snatpool has only one ip address.
  2. LB is the default gateway and both the client and snat addr are private since we have a firewall in front of LB.
  3. Firewall is allowing the complete subnet that includes client pool members, lb self ips and vip subnet.

So the outbound traffic without snatpool will have the client as the source ip addr but i dont see that traffic hitting the firewall. But when snat pool is enabled, it goes through to the internet using firewall pat ip addr. It seems that LB is dropping traffic initiated from pool members if we dont enable snat.