Forum Discussion

ithomas's avatar
Icon for Nimbostratus rankNimbostratus
Feb 23, 2017

True Source IP address

Currently using an F5 to load balance a Websense web proxy deployment. Using the vendors "; iApp template to load balance the traffic between blades which is working. The issue is that the proxy logs show the FIP of the load balancer rather than the true IP of the users system. I am not using SNAT, XFF is enabled on the HTTP services profile, XFF is also enabled on the web proxy.


What am I missing here?


3 Replies

  • When you say FIP, do you mean the LTM vip, or the real IP address of the LTM? If you aren't using SNAT, then I'm assuming that the websense boxes have their default GW set to the F5s?


    If SSL is involved (depending on how the proxy architecture is set up), I've run into the issue before if its passthrough and the LTM can't inject the header since it isn't terminating the SSL transaction and thus can't manipulate the HTTP requests midstream.


  • I'd say you need to take route on checking how websense proxy honors to capture the client IP from the XFF Header.


  • Faheda's comment made me a bit curious and dig a bit deeper. Looks like there is a SNAT in use through the iApp even though its not immediately visible through the config. Jaikumar, I will have to look into the header information getting to the proxy.


    Greatly appreciate both of your input into this topic.