XFF and the ASM module

So, we believe we have the solution to the issue.

I only found out yesterday that there is another piece of kit between the BigIp and the financial monitoring app.

So, what I believe is happening is, because of the legacy root domains set up on the system before I was an eye in my father's twinkle, there is an additional two characters added to the ip address %1 or %2

So, we have 17 chars. The "new" piece of kit is configured to only accept the standard 15. So, we need to reconfigure this piece of kit to strip off the %1 or %2 and then pass it to the financial monitoring package.

This is the way it was done before on the other network. Obviously me asking the customer for the full topology multiple times and asking the question "is there anything else in the route" was not understandable!!

For the forum's information, the iRule that was put into place was one that is published on the F5 website here K4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT

when HTTP_REQUEST {
HTTP::header insert X-Forwarded-For [IP::remote_addr]
}

So, in summary Verisign added XFF BigIp added its XFF (but also added root domain %1 or %2) SAS interpreted 15 chars not 17 Financial package dropped packets.

Plan Adjust SAS to read 17 chars and then strip off the %1 or %2 Financial package will read 15 and accept multiple XFF

Big thank you to all who contributed.