Hi,
in case you are using a node and a nexthop command in your iRule the
order of the commands seems to matter.
At least in TMOS v11.5.1HF8 it is required to set the node first and then to set the nexthop.
I.e. as follows:
when CLIENT_ACCEPTED {
snat [IP::local_addr]
node 10.131.131.62
nexthop vlan_dmz 2:f5:f5:20:b0:2
}
In my clients scenario the node is locally attached to the BIG-IP but the request has to be forwarded through a locally attached firewall in another VLAN.
This failed, if the nexthop was set before setting the node.
In this case the nexthop command was simply ignored and the request forwarded directly to the locally attached node (firewall bypassed).
Thanks, Stephan