Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Jeff_Morrison_4's avatar
Jeff_Morrison_4
Icon for Nimbostratus rankNimbostratus
Dec 03, 2008

Load Balance IMManger

I have a pair of Symantec IMManager servers that perform as a proxy to monitor IM chats. I have set up the LTM to pass the traffic on port 1863 (MSN) to the backend servers. All is working except I ...
config
design
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
Dec 04, 2008
This should probably go in the Config forum rather than iRules, but LTM by default preserves the client IP address. If it is not then you must be using SNAT. If LTM is the servers' gateway then you shouldn't need to, but if it is not, then you have to SNAT to preserve the routing, otherwise the servers will try to respond through their gateway back to the client directly. The client will then drop the packet because it does not have a session with the server, but with the virtual on the LTM.

 

 

With HTTP you can insert an X-Forwarded-For header which contains the original client IP address that the server can then log. I don't know if there is any similar mechanism for the protocol involved here, but I suspect not.

 

 

So bottom line is if you need to see client IP in the server logs you may have to redesign your network so that LTM is the default gateway for the servers.

 

 

Denny