Forum Discussion

member123_60341
Jul 06, 2009

SNAT & Automap query

Hi,

We are having the network setup as attached. Web servers & App servers are getting load balanced. We are setting up Active/Active HA. Clients will access web servers using translated IP of Web virtual server IP 1.1.1.10. Web servers will access app servers using port 80.

1. When the web servers access application servers using VS IP 2.2.2.10, do you see any need for configuring SNAT?

2. If SNAT is required, where do we need to configure (whether LTM 1 or LTM 2)?

3. Do we need to configure SNAT pool - Auto map in Virtual server?

Any help appreciated.

Rgds./Joe
  • 1. If the client and servers are on the same VLAN using the VS on the F5, then yes you will need to use SNAT so that the traffic is synchronous.

    2. You would have to configure it on both in case one has to take it over during failure.

    3. If you use SNAT Automap on the VS then all your traffic will be SNAT, therefore the web server will lose the ability to log unique address for all. The best way, in my mind, is to use an iRule on the VS, such that it ONLY SNATs based on the client's IP address. This way you can limit the amount of SNAT you need.

    I hope this helps,

    CB

  • Thanks for your prompt reply. I am just a newbie to LTM.

    I had a small clarification on the 3rd point you suggested.

    1. Can you elaborate on the 3rd point regarding the iRule? The traffic flow will be from Internet to Web server VIP, one of the real web server IP to App server VIP. Also, there will be communication from Web servers to the core network, which is on a different subnet (not shown in the diagram). In this case,

    a. What is the iRule that we need to create based on the network diagram?

    b. On which virtual server (WEB or APP) do we need to bind the iRule?

    c. In case we need to use SNAT, do we need it for Web servers or for App servers, or do we need it for both Web & App, considering the traffic flow explained above?

    Rgds./Joe
  • You shouldn't need snat for web -> app server traffic. You just need to make sure that the app servers and the firewalls have an appropriate route to return the traffic and that the web servers have an appropriate route to the app servers (default or otherwise).