Preserving source IP in L4 VIP

Question

So I created a VIP for sending log data to a couple of syslog servers.  I created a L4 vip and it works fine, except the data shows up with the interface IP of the F5 which is to be expected (automap.)  Since it is L4 I can't use X-forwarded for, I am wondering if I can use an Irule to preserve the source address of the traffic so it makes a little more sense when it gets in the syslog server.  I am running a basic Irule to restrict traffic, would that conflict?  Or since the traffic only gets pushed to the syslog servers can I do none for SNAT to preserve the original IP address?  Would this have any affect on my other VIPS?  Being UDP traffic I don't need to worry about asymmetric traffic do I?  I am running 11.5.1, I read you can use HTTP profiles in 12 for L4 VIPs but there were a lot of restrictions, is X-forwarded for not allowed?  Any guidance on this would be super helpful!
Thank you as always!
Joe&nbsp;

kevin_stewart · Answer

Syslog traffic is generally one-way, so you shouldn't need SNAT.&nbsp;

jinshu · Answer

You got the answer in question itself mate..!!&nbsp;
since the traffic only gets pushed to the syslog servers you can do none for SNAT to preserve the original IP address.&nbsp;
Cheers&nbsp;
-Jinshu&nbsp;

Forum Discussion

Preserving source IP in L4 VIP

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

HTTP POST redirect preserving POST data

Phishing, Malware, Breach and Open-Source Security

Capturing source IP addresses for VIP

Lightboard Lessons: Vip Targeting Vip

The Power of Source Address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS