Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

roracz's avatar
roracz
Icon for Nimbostratus rankNimbostratus
7 years ago

SNAT Pool members from directly connected network

Hi, In SNAT Pool creation manual we can read: 4. For the Member List setting: a. In the IP Address field, type an IP address. The BIG-IP system uses this address as a SNAT translation ...
application delivery
LTM
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
7 years ago

Hi,

 

As you told, you use addresses from directly connected egress vlans.

 

  • cluster you will use floating.
  • standalone you will use self directly connected egress vlans.

When you create a snat pool you have to pay attention about following point:

 

  • even if you don't use your snat pool (attach snat to vs), F5 answers the ARP queries for that IP address. So don't use an IP that already use (This address must NOT be on a directly-connected network), you risk having an IP conflict...

     

  • snat pool is an failover object, if you have an cluster and it occur a failover, SNAT IP will failover to and new device active will send gratuitous arp including your IP snat pool.

     

So overall (This address must NOT be on a directly-connected network) this sentense means that you have to be carefull to not Use an existing IP. under threat of having IP conflict problems...

 

Hope it's clear.

 

regards,