cancel
Showing results for 
Search instead for 
Did you mean: 

Ip Public of web client

MAARADJI
Nimbostratus
Nimbostratus

The developer want receive the IP adresse of end client in server web to do some statistic, but the Waf f5 Big-ip does not send the ip public address, the waf f5 send the self IP of Waf f5. is there a solution to use reverse proxy of the Waf without using SNAT or automap.

the image show the objectif of what we want.

thank you

 

0691T00000BGMwXQAX.jpg 

 

7 REPLIES 7

 

 

  1. If you do not want to use SNAT/Automap, you can use F5 in Routed mode. In this type of architecture, you need to keep default gateway of web-server to F5. So with this, web-server will see request from actual client IP (as per objective of developer).

 

  1. There is one more option i.e. using X-Forward-For setting under http profile. With this, you can use SNAT/Automap on the VS and still F5 sends actual client IP under its header. So under http header, web-server can see the client IP. For this, you need to enable advanced logging at web-server end.

 

Hope it helps you !

MAARADJI
Nimbostratus
Nimbostratus

can you show me an example or a tutorial of how to implement the routed mode.

Hi  ,

 

You can refer Routed Mode section under below article.

 

https://support.f5.com/csp/article/K96122456

MAARADJI
Nimbostratus
Nimbostratus

hi  

thank you for your response,

Please, i haven't idea on how to implement this routed mode, can you send another a link who he explain it by an exemple.

thank you in advance for your help

 

 

 ,

 

Please find attached high level connectivity diagram for Routed mode.

 

Normally as you know that SNAT/Automap is enabled for avoiding asymmetric routing issues for application requests which are coming via F5. This is because, most of time backend web-server default gateway is set to Core Switch/Router but not-F5. With this SNAT, settings, actual client IP is not visible at web-server end. This is your current case.

 

Now in Routed mode, Web-Server gateway is pointed towards F5 IP address. And so Asymmetric routing issue will not come in this type of architecture as response to client request coming from F5 will go through F5 only. No need of enabling SNAT/Automap settings. In this case, actual client IP will be visible at web-server end. This is your requirement/use case.

 

In routed mode type architecture, you may need to add network & VLAN configuration on F5 for the web-server subnet.

 

Hope it helps you!

Mayur0691T00000BHp4WQAT.jpg

MAARADJI
Nimbostratus
Nimbostratus

Hi  

thank you for your help, I understood well and I was able to realize it thanks to your explanation

 

I am glad it helped you. Cheers!