iRule for SNAT using subnet range rather than host base
Hi,
I'm just a newbie using iRule for SNAT. We have an internal server that is being accessed by our external customer, who requires us to allow their company public IP range (i.e. /24) rather than a single host. Their company is located in a different country, which is why they want some kind of diversity.
I'm thinking of creating the configuration below and want to know if this type of configuration is allowed on F5 and security-wise. Is it advisable, or is there a better way of allowing a range of subnets from external to access an internal resource?
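when CLIENT_ACCEPTED {
    log local0. "client:"
    # IP::addr compares the client address against a network/mask.
    # The string operator "contains" only does substring matching and
    # never matches a CIDR prefix such as "170.42.6.0/24".
    if { [IP::addr [IP::client_addr] equals 170.42.6.0/24] } {
        snat 10.1.147.13
    } elseif { [IP::addr [IP::client_addr] equals 70.40.6.0/24] } {
        snat 10.1.147.13
    } elseif { [IP::addr [IP::client_addr] equals 16.52.171.0/24] } {
        snat 10.1.147.13
    } elseif { [IP::addr [IP::client_addr] equals 200.52.171.0/22] } {
        snat 10.1.147.13
    }
}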
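A sanity check of the four prefixes in the rule above, as an added example that is not part of the original post: it uses Python's standard ipaddress module to show which address range each prefix covers under ordinary CIDR arithmetic and flags any prefix written with host bits set. The sample client addresses are constructed, and how BIG-IP itself treats a prefix with host bits set is not stated on this page.

```python
import ipaddress

# Prefixes copied from the iRule in the post above.
RULE_PREFIXES = ["170.42.6.0/24", "70.40.6.0/24", "16.52.171.0/24", "200.52.171.0/22"]

def audit_prefix(text):
    """Describe one prefix as written and as normalised by CIDR arithmetic."""
    try:
        net = ipaddress.ip_network(text, strict=True)
        aligned = True
    except ValueError:
        # Host bits are set: the written address is not the network address.
        net = ipaddress.ip_network(text, strict=False)
        aligned = False
    return {
        "written": text,
        "aligned": aligned,
        "network": str(net),
        "first": str(net[0]),
        "last": str(net[-1]),
        "addresses": net.num_addresses,
    }

def audit(prefixes):
    return [audit_prefix(p) for p in prefixes]

def matching_prefix(client_ip, prefixes):
    """Return the written prefix that covers client_ip, or None."""
    addr = ipaddress.ip_address(client_ip)
    for p in prefixes:
        if addr in ipaddress.ip_network(p, strict=False):
            return p
    return None

if __name__ == "__main__":
    for row in audit(RULE_PREFIXES):
        flag = "" if row["aligned"] else "  <-- host bits set, confirm intended range"
        print(f'{row["written"]:>18} -> {row["network"]:<18} '
              f'{row["first"]} - {row["last"]} ({row["addresses"]} addrs){flag}')
    # Constructed sample clients, not taken from the post.
    for ip in ["170.42.6.25", "200.52.168.9", "200.52.172.1", "203.0.113.7"]:
        print(ip, "->", matching_prefix(ip, RULE_PREFIXES))
```

The last prefix is the one to confirm with the customer: read as a /22 it spans 200.52.168.0 through 200.52.171.255, four times the size of each /24 entry.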