Selective SNAT based on Data Group

Question

I have two 6400s (active/standby) running 9.1 load balancing two ftp servers.  I need to selectively SNAT the source based on a data group.  The data group has a list of networks that I want to SNAT for.  Everything else I don't want to SNAT.  I have not been able to find an example of this.  Can someone help?  &nbsp;
&nbsp;This is what I have slapped together. &nbsp;
&nbsp;class dg_SRCNets  {
&nbsp;   network 10.0.0.0 mask 255.0.0.0
&nbsp;   network 192.168.0.0 mask 255.255.255.0
&nbsp;}&nbsp;
&nbsp;when CLIENT_ACCEPTED {
&nbsp; if {[matchclass[IP::client_addr] eq $::dg_SRCNets]} {
&nbsp;    snat automap}
&nbsp; else {
&nbsp;    snat none}
&nbsp;}&nbsp;
&nbsp;I have no idea if this is correct...

unruley_95363 · Answer

Yup, that's pretty much what you need.

Forum Discussion

Selective SNAT based on Data Group

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Select pool based on HTTP host header

Certified Kubernetes Administrator - Study Group

Group based authorization + OAuth 2.0 client setup with APM

Cookie-based DDoS protection

VLAN Group and Asymmetric Deployment

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS