Forum Discussion

Nimbostratus

Jul 26, 2012

SNAT

Hi, I am new to irules and I have an issue with one of my customers where they require a SNAT enabled to route traffic correctly but they dont want the IP address to be that of the F5 self IP addres...

Historic F5 Account

Jul 26, 2012

If it traffic is sourced from the client's IP then the f5 in not SNATing the connection. That would be routed mode for the f5. Now if you need the IP address of the client for the logs. You can use SNAT and then use the x-fowarded header in the HTTP profile to show the server what the true IP address is. If this will not work you can use the TCP options field

https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086447/Accessing-TCP-Options-from-iRules.aspx

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SNAT

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Cannot ping external interface

F5OS (rseries 2800) in transparent mode

Requirement for BIG-IQ VM Deployment in AWS

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

F5 breaking Exchange authentication

Related Content

SNAT pool persistence

SNAT IP address logging

Understanding SNAT

Selective SNAT

Kill SNAT AutoMap!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS