Forum Discussion
sathish_126179
Nimbostratus
NimbostratusSFTP setup for capturing client IPs
We have load balanced our SFTP servers in BIG-IP LTM v10 by enabling the below settings in virtual server:
Performance (layer 4)
FastL4 profile
SNAT: Automap
Since we want to rely on our ex...
X-Forwarded-For is an HTTP header, so it has no meaning in the context of other protocols, regardless of virtual server type.
Without using the BIG-IP as the SFTP servers' default gateway, or using policy based routing to send the application servers' response traffic back to the BIG-IP, there is unfortunately no other way to have the original client IP available to the network layer once SNAT has occurred.
The logging option is a good suggestion, though I would advise using High Speed Logging (HSL) to a remote logging destination if you expect a high connection count. Have a look at the following article to get you started on HSL:
https://devcentral.f5.com/articles/-the101-irules-101-logging-amp-comments.Uh0DlmQ6Xs8
