Forum Discussion
NimbostratusLTM and GlobalScape EFT Server IP access/ban list...
I am trying to place our EFT Enterprise Server behind our Big-IP using LTM. The configuration works and the traffic passes through using SSL bridging. However, the EFT server only sees the self-ip/floating-ip addresses since AutoMap/SNAT is enabled. Because of this reason, the IP access/ban list feature on the EFT server cannot be put to use. The EFT server cannot see or act on the original client IP that is inserted on the X-Forwarded-For header. The default source address persistence settings do not pass the original ip addresses.
Any help will be most welcomed. Thank you!
2 Replies
JGCumulonimbus
Well, if you want to keep Globalscape's support, you may want to follow its advice on this at:
https://kb.globalscape.com/KnowledgebaseArticle11314.aspx .
EFT does not seem to be able to support the workaround using tcp options field as described in https://devcentral.f5.com/wiki/iRules.TCP__option.ashx .
Carlos_Colon_24Thank you, Jie! I had called GlobalScape support and they did not mentioned this article. It is very very helpful. I really appreciate you sharing it with me and the rest of the info.
I am going to see if I can set up using the F5 devices as the servers' gateway.
