Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Ip Public of web client

MAARADJI
Nimbostratus
Nimbostratus

‎16-Dec-2020 03:56

The developer want receive the IP adresse of end client in server web to do some statistic, but the Waf f5 Big-ip does not send the ip public address, the waf f5 send the self IP of Waf f5. is there a solution to use reverse proxy of the Waf without using SNAT or automap.

the image show the objectif of what we want.

thank you

 

0691T00000BGMwXQAX.jpg 

 

Labels:
0 Kudos
7 REPLIES 7

Mayur_Sutare
MVP
MVP

‎16-Dec-2020 04:53 - last edited on ‎24-Mar-2022 01:08 by Fog

 

 

  1. If you do not want to use SNAT/Automap, you can use F5 in Routed mode. In this type of architecture, you need to keep default gateway of web-server to F5. So with this, web-server will see request from actual client IP (as per objective of developer).

 

  1. There is one more option i.e. using X-Forward-For setting under http profile. With this, you can use SNAT/Automap on the VS and still F5 sends actual client IP under its header. So under http header, web-server can see the client IP. For this, you need to enable advanced logging at web-server end.

 

Hope it helps you !

0 Kudos

MAARADJI
Nimbostratus
Nimbostratus

‎20-Dec-2020 02:36

can you show me an example or a tutorial of how to implement the routed mode.

0 Kudos

Mayur_Sutare
MVP
MVP

‎20-Dec-2020 03:02 - last edited on ‎24-Mar-2022 01:08 by Fog

Hi  ,

 

You can refer Routed Mode section under below article.

 

https://support.f5.com/csp/article/K96122456

0 Kudos

MAARADJI
Nimbostratus
Nimbostratus

‎24-Dec-2020 07:31 - last edited on ‎24-Mar-2022 01:08 by Fog

hi  

thank you for your response,

Please, i haven't idea on how to implement this routed mode, can you send another a link who he explain it by an exemple.

thank you in advance for your help

 

 

0 Kudos

Mayur_Sutare
MVP
MVP

‎24-Dec-2020 08:05 - last edited on ‎24-Mar-2022 01:08 by Fog

 ,

 

Please find attached high level connectivity diagram for Routed mode.

 

Normally as you know that SNAT/Automap is enabled for avoiding asymmetric routing issues for application requests which are coming via F5. This is because, most of time backend web-server default gateway is set to Core Switch/Router but not-F5. With this SNAT, settings, actual client IP is not visible at web-server end. This is your current case.

 

Now in Routed mode, Web-Server gateway is pointed towards F5 IP address. And so Asymmetric routing issue will not come in this type of architecture as response to client request coming from F5 will go through F5 only. No need of enabling SNAT/Automap settings. In this case, actual client IP will be visible at web-server end. This is your requirement/use case.

 

In routed mode type architecture, you may need to add network & VLAN configuration on F5 for the web-server subnet.

 

Hope it helps you!

Mayur0691T00000BHp4WQAT.jpg

0 Kudos

MAARADJI
Nimbostratus
Nimbostratus

‎30-Dec-2020 01:32 - last edited on ‎24-Mar-2022 01:08 by Fog

Hi  

thank you for your help, I understood well and I was able to realize it thanks to your explanation

 

0 Kudos

Mayur_Sutare
MVP
MVP

‎30-Dec-2020 03:20

I am glad it helped you. Cheers!

0 Kudos
Copyright © 2023 Khoros, LLC