nathe
Jan 06, 2010

Source Address Translation irule

Afternoon,

Our Load Balancer appliances are on a DMZ off our Firewall and we are load balancing HTTP traffic to an internal server on a different LAN to the F5s. Traffic comes into the F5s and is then re-directed to a pool member back through the firewall. The problem we are having is all to do with Source addresses. The original Source address is a public one and this is maintained on re-route, so when it then gets re-routed via the firewall to the LAN where the pool member resides, the firewall blocks this for two reasons: no rule to allow the internet client to an internal IP address, and IP spoofing.

Can I configure the F5 Virtual Server to translate the Source when re-routing to the actual node? Perhaps even translate it to the VS IP address itself. Perhaps using an iRule?

Thanks in advance
  • Hi Nathan,

    Is it possible to throw up a network diagram? It would help to follow what you are describing.

    Bhattman
  • I agree with Bhattman, a diagram would be nice. Have you tried turning on SNAT Automap on the VIP?
  • nathe
    Thanks both for getting back to me so promptly. I tried the SNAT option and this has worked. Source address is now translated to Virtual Server IP address and everything is happy.

    Thanks again.