Forum Discussion
vj_singh_177738
Nimbostratus
Jan 15, 2015
why do we use snat pool list
In my environment, we are doing SNAT, in address translation in 11.4, public to private IP address and using address range, and using SNAT pool list also, where we are using private IP address which ...
StephanManthey
Nacreous
Jan 21, 2015
Hi VJ,

the "SNAT list" or "default SNAT" (legacy F5 term, if I remember right) forwards traffic (specified in the "Origin" section (might be VLAN(s) and/or IP address(es) / IP address range(s))) independently from a virtual server. (Nathan described it similarly as a listener.) As a SNAT entity it will replace the original source IP address with the defined SNAT address. In case there is a virtual server handling the traffic, the default SNAT may apply as well if there are no configuration options in your pool settings or iRules preventing it.

Whenever possible I try to avoid using "SNAT lists" / "default SNATs". Instead I specify a SNATpool or SNAT AutoMap in the context of a virtual server. The virtual server might be a network virtual server in mode IP forwarding. By using virtual servers (sometimes combined with an iRule for selective SNAT operations) you will get much better control and visibility of your traffic.

In case you are using SNAT with pre-defined addresses (applies as well with SNATpools) make sure to assign idle timeouts in the SNAT address section, please.

If you want to SNAT non-TCP/non-UDP traffic (i.e. ICMP) it will be necessary to modify a global setting which can be found in the WebUI: (System >> Configuration : Local Traffic : General [SNAT packet forwarding]). Or use tmsh instead to enable/disable this feature globally:

tmsh modify sys db snat.anyipprotocol value enable
tmsh modify sys db snat.anyipprotocol value disable
Thanks, Stephan
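
The setup recommended in the answer above (a SNAT pool bound to a forwarding virtual server instead of a default SNAT, with idle timeouts on the translation addresses), as an added example that is not part of the original posts. The object names, VLAN name, source range and addresses are constructed, and the syntax assumes a TMOS release that has the source-address-translation property on virtual servers.

```tmsh
# Constructed example values: snatpool_outbound, vs_outbound_fwd,
# vlan_internal, 10.10.0.0/16 and the 192.0.2.x translation addresses.

# 1. SNAT pool with two translation addresses.
#    Adding a member creates the matching snat-translation object.
tmsh create ltm snatpool snatpool_outbound members add { 192.0.2.10 192.0.2.11 }

# 2. Idle timeouts (seconds) on each translation address, so stale
#    translations do not sit on the SNAT address indefinitely.
tmsh modify ltm snat-translation 192.0.2.10 ip-idle-timeout 120 tcp-idle-timeout 300 udp-idle-timeout 60
tmsh modify ltm snat-translation 192.0.2.11 ip-idle-timeout 120 tcp-idle-timeout 300 udp-idle-timeout 60

# 3. Network virtual server in IP forwarding mode. It only listens on the
#    internal VLAN and only matches the internal source range, so the
#    translation applies to the traffic you intend and nothing else.
tmsh create ltm virtual vs_outbound_fwd \
    destination 0.0.0.0:any mask any \
    ip-forward ip-protocol any \
    source 10.10.0.0/16 \
    vlans-enabled vlans add { vlan_internal } \
    source-address-translation { type snat pool snatpool_outbound }

# 4. Review what is in effect: the SNAT type on the virtual server, the
#    per-address timeouts, and the global non-TCP/non-UDP SNAT setting.
tmsh list ltm virtual vs_outbound_fwd source-address-translation
tmsh list ltm snat-translation
tmsh list sys db snat.anyipprotocol

# 5. Per-pool statistics give the visibility a default SNAT lacks.
tmsh show ltm snatpool snatpool_outbound

# 6. Persist the running configuration.
tmsh save sys config
```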