F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

taro_107756's avatar
taro_107756
Icon for Nimbostratus rankNimbostratus
Nov 02, 2007

OneConnect: Security Consideration

The following description is in SOL6997.     "The BIG-IP LTM applies the source mask to the request, finds an eligible TCP connection, and aggregates the request from client B over the existing...
config
design
zafer's avatar
zafer
Icon for Nimbostratus rankNimbostratus
Jun 03, 2008
Hi Deb,

 

 

if i configure oneconnect profile with network mask /24. What will i see source ip address in sniffed packets on server side (between bigip and servers).

 

 

why ask this question;

 

 

the server has access list ; some client accessible application the others not

 

if i configure the oneconnect profile with mask /24 some times i see forbidden.

 

 

when i look the tcpdump on client side source address exist on server accesslist but when i look the server side tcpdump i see different source address.

 

 

what i understand f5 uses first time opened connection on server side (when oneconnect enabled) and if the ip address can be different client address on client side?

 

 

regards

 

 

zafer