Forum Discussion

Cirrus

Apr 11, 2015

Local traffic Policy, SNAT action

Hi Guys, Did anyone use Local traffic policy for applying SNAT to just one user? I can see in the action "SNAT", but at the match conditions I couldn't find source address, in TCP.

Noctilucent

Apr 11, 2015

but at the match conditions I couldn't find source address, in TCP.

no parameter means source address.

e.g.

root@(ve11c)(cfg-sync Disconnected)(Active)(/Common)(tmos) list ltm policy cpm1
ltm policy cpm1 {
    controls { forwarding }
    requires { tcp http }
    rules {
        rule1 {
            actions {
                0 {
                    forward
                    select
                    snat automap
                }
            }
            conditions {
                0 {
                    tcp
                    address
                    matches
                    values { 172.28.24.0/24 }
                }
            }
            ordinal 1
        }
    }
    strategy first-match
}

andrew_C1

Nimbostratus

Jul 02, 2015

Hi, just wanted to say thax for this, This post is the only place i have been able to find how to use a Policy based off client ip address! The non existent documentation around policies is terrible. From my perspective i would rather uses a Policy if a can rather then an irule, so when i leave a customer i leave them with something that doesn't require an understanding of TCL and F5 specific functions/operators. thax nitass, in conditions, operand = tcp event = request parameters = LEAVE IT BLANK condition= matches values = IP and Prefix

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)