
IRONMAN
May 09, 2019
Solved

SNAT for outbound connections from members to internet and intranet

Can anyone confirm, please: will the iRule below give me this solution?

SNAT for outbound connections from members to internet and intranet. Members IP range: 172.0.0.0. Single VIP with IP 192.0.0.5.

So members can access the internet via the same VIP to internet and intranet? Actually, I don't understand how this is applied for only outbound connections?

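when CLIENT_ACCEPTED {
    # No mask is given, so this matches only the single address 172.0.0.0
    if { [IP::addr [IP::client_addr] equals 172.0.0.0] } {
        # Source-translate matching clients using SNAT pool xxxx
        snatpool xxxx
    } else {
        # Leave the source address of all other clients untranslated
        snat none
    }
}
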

2 Replies

  • hoolio

    Hi Ironman,

    You could create a forwarding virtual server with a destination IP:port of 0.0.0.0:0 with a source of 172.0.0.0/8 enabled on the VLAN that the clients are connecting into the BIG-IP on. You could enable your SNAT pool on the virtual server.

    This should work without an iRule.

    Aaron
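
The forwarding virtual server described in the answer above, written as a bigip.conf-style stanza. This is an added example, not configuration posted by either participant: the object name vs_outbound_fwd and the VLAN name member_vlan are hypothetical, and xxxx is the SNAT pool placeholder used in the question.

```tmsh
# Added example (assumptions: vs_outbound_fwd and member_vlan are hypothetical
# names; xxxx is the SNAT pool placeholder from the question).
#
# destination 0.0.0.0:0 + mask any  -> matches any destination address and port
# source 172.0.0.0/8                -> only connections whose source is a member
# ip-forward                        -> route the packet on, no pool load balancing
# vlans-enabled + vlans             -> listen only on the VLAN the members send
#                                      their traffic in on, so connections that
#                                      arrive on other VLANs never hit this
#                                      virtual server
# source-address-translation        -> apply the SNAT pool to matched connections
# translate-address / translate-port disabled -> leave the destination untouched
ltm virtual vs_outbound_fwd {
    destination 0.0.0.0:0
    mask any
    source 172.0.0.0/8
    ip-forward
    profiles {
        fastL4 { }
    }
    source-address-translation {
        pool xxxx
        type snat
    }
    translate-address disabled
    translate-port disabled
    vlans {
        member_vlan
    }
    vlans-enabled
}
```

Restricting the listener by both source range and VLAN is what keeps a 0.0.0.0:0 virtual server from forwarding traffic that arrives from anywhere else.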

    • IRONMAN

      Thanks,

      Should I add the external VLAN, which connects to upstream, or the server VLAN?

      Can I apply the server IP for SNAT? Is that possible? Because the client needs the server IP that the connection is coming from?