For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Aditya_Mehra's avatar
Aditya_Mehra
Icon for Cirrus rankCirrus
Sep 08, 2017

Source Port Preserve in a Virtual Server

In a virtual server in the Configuration section we select the option in Source Port as "Preserve". If a client 1.2.3.4:1111 connects to the BIGIP and the Self IP is already using that particular por...
application delivery
BIG-IP
LTM
virtual server
MvdG's avatar
MvdG
Icon for Cirrus rankCirrus
Sep 08, 2017

Hi,

 

Are you using SNAT? Is you are using SNAT, the client session is NATed behind this SNAT address, so the self IP can use the same port 1111 because this is a different IP/port combination.

 

If you are not using SNAT but the server side connection uses the IP address of the egress interface, I think the F5 attemps to preserve the source port, but selects a different port if that source port is in use. See:

 

K13433: Configuring source port preservation for SNATs

 

Preserve Specifies that the system attempts to preserve the value configured for the source port unless the source port from a particular SNAT is already in use, in which case the system uses a different port. Preserve is the default behavior.

 

Regards, Martijn.

 

  • Aditya_Mehra's avatar
    Aditya_Mehra
    Icon for Cirrus rankCirrus
    Sep 08, 2017

    Hey Martijn, We have configured Source Address Translation as Auto Map and VLAN and Tunnel Traffic is are VLANs and tunnels.

     

    Regards, Aditya