Forum Discussion
Mark_Ufland_579
Nimbostratus
Sep 19, 2012Loosing Client IP Addresses
We have a new virtual production environment that is using F5s. We have web applications that are load balanced and the traffic comes down an HTTPS line from the client through the firewall to the F...
What_Lies_Bene1
Cirrostratus
Sep 19, 2012Hey Mark. Generally speaking, unless you have SNAT setup, there's no reason you should be loosing the client source IP address. Is SNAT configured? Can it be turned off? If SNAT is a requirement for any reason then yes the best way to go would be to terminate SSL on the F5's and apply a HTTP Profile to the Virtual Server which is configured with XFF header insertion enabled. You could still use SSL to the web servers using a ServerSSL profile as well as the ClientSSL profile.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects