For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sachin_80710's avatar
sachin_80710
Icon for Nimbostratus rankNimbostratus
Sep 04, 2014

Link Controller - Create Link(ISP) object

Hi All,   I have to install LC, Need your suggestions and help on configuration. I don't want to do any changes(no NAT changes) on existing customer firewall.   1) My LC deployment architecture...
application delivery
availability
deployment
design
LTM
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Sep 05, 2014

In case of a standalone system SNAT automap should do it automatically. Indeed there were changes in behaviour (means a SNAT address [if configured] needs to belong to the same traffic-group as the virtual server). With SNAT automap a self IP will be picked and in case there is an available floating self IP on the egress interface the rule above applies.

 

To be on the very safe side you could put your both "external" self IPs into a SNATpool and associate it with your virtual server.

 

An iRule could be used to apply service specific selective SNAT. I.e. you provide 2 virtual servers for inbound mail and want to make sure outgoing mail will be source NATed with exactly these addresses (makes sense as the external receiving MTA may do a reverse lookup to validate the authenticity). For this enhancement you can still go ahead without an iRule. Just create a new network wildcard virtual server on the internal interface but set the service port i.e. to tcp/25 and use a SNATpool containing the IP addresses corresponding to your MX records and the default gateway pool.