For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Thiyagu_343098's avatar
Thiyagu_343098
Icon for Nimbostratus rankNimbostratus
Sep 20, 2018

query on static NAT

Hi, we have design like the traffic from the client to LB is not getting SNAT so the source IP will be preserverd all the way to the application servers.   As far as the reverse traffic is concern...
application delivery
BIG-IP
LTM
AlanTen's avatar
AlanTen
Icon for Altostratus rankAltostratus
Sep 20, 2018

If you're not using SNAT and are preserving the client's real IP address all the way to the application servers then you will need to ensure that either you use the F5 VIP as the default gateway for the application servers or a network design/routing that will ensure that the return path traffic goes back to the F5.

 

Associating NAT to the VIP will ensure that the traffic returns via the F5 and is applied by using "Source Address Translation : AutoMAP" or "Source Address Translation : SNAT : user defined SNAT pool".