Requesting clarification of srcport "preserve strict"

There is additional information within the BigIP Configuration Console Help Menu that describes the selectable options.

 

 

Preserve:

 

Specifies that the system preserves the value configured for the source port, unless the source port from a particular SNAT is already in use, in which case the system uses a different port.

 

 

Preserve Strict:

 

Specifies that the system preserves the value configured for the source port. If the port is in use, the system does not process the connection. If the port is in use by another connection, the system uses that source port anyway, and the destination server cannot distinguish the traffic of the connections sharing that source port. F5 Networks recommends that you restrict use of this setting to cases that meet at least one of the following conditions:

 

 

- The port is configured for UDP traffic.

 

- The system is configured for nPath routing or is running in transparent mode (that is, there is no translation of any other Layer 3 or Layer 4 field).

 

- There is a one-to-one relationship between virtual IP addresses and node addresses, or clustered multi-processing (CMP) is disabled.

 

 

Change:

 

Specifies that the system changes the source port. This setting is useful for obfuscating internal network addresses.