F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

AhmedMS's avatar
AhmedMS
Icon for Altostratus rankAltostratus
Feb 24, 2023

F5 LTM SNAT features Question

Hello Dears, Could you please advise about the point of SNAT (AutoMAP); When should I enable it? I mean this bit of information that the server has GW path to router instead of having a next hop to ...
application delivery
Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Feb 24, 2023

Dear Ahmed,

this is more a network design question. As you already stated, it's a question where the GW of the servers are pointing to. And of course if the BIG-IP itself has an IP interface in the same VLAN as the servers. But if you are looking to a more generell answer, you need to guarantee, that the response traffic from the server has to go back through the BIG-IP. With SNAT enabled response traffic is forced to go back through the BIG-IP. Otherwise the client is getting the response from the servers IP instead of the VIP. Yes, there might be exceptions for this allowing asynchronous routing, but that's not recommended.

And I don't think your application owner will answer you this question. They normally have no idea about the underlying network design. You as the BIG-IP service owner should have the required network information and knowledge. Also a mixed setup, like it seems to be configured in your case, within the same environment is not recommended.

The main disadvantage of using SNAT is, that the original sourceIP gets lost for the server. For HTTP-traffic you can use the XFF-header, but for other protocols this might be an issue.

Hope that helps!

 

Regards Stefan 🙂