The developer want receive the IP adresse of end client in server web to do some statistic, but the Waf f5 Big-ip does not send the ip public address, the waf f5 send the self IP of Waf f5. is there a solution to use reverse proxy of the Waf without using SNAT or automap.
the image show the objectif of what we want.
16-Dec-2020 04:53 - last edited on 24-Mar-2022 01:08 by li-migration
Hope it helps you !
20-Dec-2020 03:02 - last edited on 24-Mar-2022 01:08 by li-migration
You can refer Routed Mode section under below article.
24-Dec-2020 07:31 - last edited on 24-Mar-2022 01:08 by li-migration
thank you for your response,
Please, i haven't idea on how to implement this routed mode, can you send another a link who he explain it by an exemple.
thank you in advance for your help
24-Dec-2020 08:05 - last edited on 24-Mar-2022 01:08 by li-migration
Please find attached high level connectivity diagram for Routed mode.
Normally as you know that SNAT/Automap is enabled for avoiding asymmetric routing issues for application requests which are coming via F5. This is because, most of time backend web-server default gateway is set to Core Switch/Router but not-F5. With this SNAT, settings, actual client IP is not visible at web-server end. This is your current case.
Now in Routed mode, Web-Server gateway is pointed towards F5 IP address. And so Asymmetric routing issue will not come in this type of architecture as response to client request coming from F5 will go through F5 only. No need of enabling SNAT/Automap settings. In this case, actual client IP will be visible at web-server end. This is your requirement/use case.
In routed mode type architecture, you may need to add network & VLAN configuration on F5 for the web-server subnet.
Hope it helps you!
30-Dec-2020 01:32 - last edited on 24-Mar-2022 01:08 by li-migration
thank you for your help, I understood well and I was able to realize it thanks to your explanation
I am glad it helped you. Cheers!