Forum Discussion
What_Lies_Bene1
Sep 19, 2012Cirrostratus
Hey Mark. Generally speaking, unless you have SNAT setup, there's no reason you should be loosing the client source IP address. Is SNAT configured? Can it be turned off? If SNAT is a requirement for any reason then yes the best way to go would be to terminate SSL on the F5's and apply a HTTP Profile to the Virtual Server which is configured with XFF header insertion enabled. You could still use SSL to the web servers using a ServerSSL profile as well as the ClientSSL profile.