For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

NoelMcK_381487's avatar
NoelMcK_381487
Icon for Nimbostratus rankNimbostratus
Feb 17, 2019

Outbound SNAT with private external address

I need to setup an outbound sftp connection from the 10.x.x.x servers to the Internet beyond the FW. Configuring a SNAT outbound from source 10.x.x.x servers to a source 200.x.x.x/32 address on ...
application delivery
LTM
RaghavendraSY's avatar
RaghavendraSY
Icon for Altostratus rankAltostratus
Feb 17, 2019

Configuration should be like below: F5 (10.X.X.X) --- > Firewall (172.x.x.) ---> NAT should be on firewall for 172.x.x.x to 200.x.x.x

 

You need to configure as mentioned below:

 

  1. Configure F5 VIP and pool member should be 172.x.x.x. For example pool member is 172.1.1.1
  2. You should create NAT on Firewall for 172.1.1.1 and it should map to public IP 200.1.1.1
  3. F5 should have routes towards firewall
  4. Firewall should have route towards internet.

I hope this helps.

 

NoelMcK_381487's avatar
NoelMcK_381487
Icon for Nimbostratus rankNimbostratus
Feb 17, 2019

I assume the VIP is a 10.x.x.x addr on the inside? If that's the case, the F5 will perform the destination translation to the 172.1.1.1 outbound?

 

The destination IP that the 10.x.x.x servers will connected to could be any public IP. I should also mention that one of the other external legs of the F5 has a public IP range and connected to another interface on the FW. The default route for the F5 is pointing via this interface.