F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Mark_Ufland_579's avatar
Mark_Ufland_579
Icon for Nimbostratus rankNimbostratus
Sep 19, 2012

Loosing Client IP Addresses

We have a new virtual production environment that is using F5s. We have web applications that are load balanced and the traffic comes down an HTTPS line from the client through the firewall to the F...
config
design
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Sep 19, 2012
Hey Mark. Generally speaking, unless you have SNAT setup, there's no reason you should be loosing the client source IP address. Is SNAT configured? Can it be turned off? If SNAT is a requirement for any reason then yes the best way to go would be to terminate SSL on the F5's and apply a HTTP Profile to the Virtual Server which is configured with XFF header insertion enabled. You could still use SSL to the web servers using a ServerSSL profile as well as the ClientSSL profile.