cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible to disable NAT selectively

wtwagon_99154
Nimbostratus
Nimbostratus

I.e.

 

If applied to a IP forward VIP, is it possible to selectively no-NAT via an iRule, similar to the following:

 

when CLIENT_ACCEPTED { snat none }

 

Or does this iRule statement also remove the NATs with the presence of "snat none"?

 

Thanks.

 

2 REPLIES 2

JRahm
Community Manager
Community Manager

you can be more selective than just the event itself, limiting to particular subnets or host. Details on snat behavior from iRules from the snat command page in the iRules wiki:

 

Causes the system to assign the specified source address to the serverside connection(s). The assignment is valid for the duration of the clientside connection or until 'snat none' is called. The iRule SNAT command overrides the SNAT configuration of the virtual server or a SNAT pool. It does not override the 'Allow SNAT' setting of a pool.

 

The answer regarding enabling/disabling the destination NAT can be found here:

https://clouddocs.f5.com/api/irules/translate.html