

jake_macabuag_4
Nov 18, 2012

Load Balancing Bluecoat proxy (transparent) and seeing the original ip

Hi guys,

 

I am setting up an F5 to load balance Bluecoat proxy servers, and it is on the same segment as the user. I created a virtual server that will be set on the client's web browser. The Internet connection is directly connected to the proxy servers (external port) and the proxy's default gateway is pointed to the ISP.

 

user -> F5 -> Bluecoat -> internet

 

Our issue is that the Bluecoat admin wants to see the IP address of the user instead of the F5 self-IP (using SNAT), since their policy is based on the IP address. Is there a way that we can see the client's IP address on the Bluecoat even if we are using SNAT? They have tried using x forwarder but the source is still showing the IP address of the F5. If we remove SNAT, the reply does not return to the client.

 

thanks

 

2 Replies

  • I understand that you configured X-Forwarded on the F5 so that it can insert the original client IP, but have you configured BlueCoat to look at the IP in the HTTP X-Forwarded header instead of the IP in the Layer 4 headers? I believe the BlueCoat policies themselves should be adjusted to look at the X-Forwarded headers.

     

    https://kb.bluecoat.com/index?page=content&id=KB1892

     

  • Yes, though the log shows the original IP, the monitoring screen still shows the SNAT IP. I will try to see if creating a VLAN Group will work. Based on the description of VLAN Group, it seems the reply from Bluecoat is going directly to the client since they are on the same subnet.

     

     

    thanks
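
When policy is keyed on the forwarded header rather than the Layer 4 source, as the first reply suggests, the header should only be believed on connections that really come from the load balancer. The sketch below is an added example, not part of the thread and not F5 or Blue Coat code; the addresses and the name `effective_client_ip` are constructed, and it assumes the F5 appends the client address as the last entry of `X-Forwarded-For`.

```python
import ipaddress

# Constructed value: the F5 self-IP used for SNAT (assumption, not from the thread).
TRUSTED_PROXIES = {ipaddress.ip_address("10.1.1.5")}


def effective_client_ip(l4_source, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address an IP-based policy should be evaluated against.

    l4_source  -- source address of the TCP connection as the proxy sees it
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    src = ipaddress.ip_address(l4_source)

    # A header on a connection that did not come through the load balancer
    # is client-controlled input, so it is ignored.
    if src not in trusted or not xff_header:
        return str(src)

    # Walk right to left: the rightmost entry was appended by the trusted hop,
    # anything further left may have been supplied by the client itself.
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(src)  # malformed entry: fall back to the Layer 4 source
        if addr not in trusted:
            return str(addr)
    return str(src)


if __name__ == "__main__":
    # Constructed samples: (Layer 4 source, X-Forwarded-For header)
    samples = [
        ("10.1.1.5", "10.1.1.77"),             # via F5, header inserted by F5
        ("10.1.1.5", "192.0.2.9, 10.1.1.77"),  # client sent its own entry first
        ("10.1.1.77", "10.1.1.99"),            # direct connection, header ignored
        ("10.1.1.5", None),                    # via F5, no header present
    ]
    for src, xff in samples:
        print(f"{src:<10} {xff!s:<22} -> {effective_client_ip(src, xff)}")
```
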