Forum Discussion

crengifo_232216's avatar
crengifo_232216
Icon for Nimbostratus rankNimbostratus
Apr 26, 2017

SNAT using Proxy SSL

Hi,   I am planning to create a virtual server, with ssl profiles (client and server) which will use the Proxy SSL feature. I wonder if the virtual server has to use a SNAT pool, automap (which I ...
  • Samir_Jha_52506's avatar
    Apr 26, 2017

    Its completely depend on Organization Network Setup. SNAT Automap uses the egress vlan interface IP. If you don't have visibility on Next hope setup, I will suggest you to configure SNAT Automap in VIP.

     

    For the Client->F5->Server, consider these scenarios:

     

    Routed, client source address goes to the server. Routes necessary back through F5 BIGIP on servers or servers gw

     

    Snat Automap, client source is managed on BIG-IP, source is translated to self IP on egress interface heading toward servers. For servers needing source IP for reporting or decision processes.

     

    Snat Pool, client source is managed on F5 BIGIP, but source is translated to an IP you configure and attach to the virtual server. I like this option because I can map external IP -> internal IP by application so I know what flows belong to what application on the inside of the organization/dmz as appropriate. If traffic isn't necessary to come back through the BIG-IP, can also snat to the original client's source IP.