Forum Discussion
AltocumulusRestricting access to a virtual server by Public IP address should access through only domain name.
seems you have not used your Domain certificate under client ssl profile , check thebelow link to upload your CA domain certificate and key to bigip and followed to that you need to create client ssl profile point to your Domain certificate/key and any chain certificate.
https://my.f5.com/manage/s/article/K14620#3
once done you check your domain for any ssl issue by running test in below link
https://www.sslshopper.com/ssl-checker.html
AltocumulusHi all
Thanks to all for reply
Now my webiste is up and working with domain name , but after making virtual server for Domain
i am getting incoming interface IP address instead of original Public source ip address in logs for virtual server in firewall which is placed below F5 ( i can see orginal Public source ip address in F5 logs but not in Firewall )
Traffic Flow
Public Network-------------->F5--------------------->FIREWALL
I am use SNAT for Published Domain.
Is there any setting in Virtual pool /Server ,where i can get orginal public address in F5 and Firewall logs.
CirrostratusAs you have enabled SNAT, you will see the F5 interface or SNAT pool ip in your backendserver logs or Any firewall in between as source IP.
one way to get the actual client IP in server for HTTP based traffic is to use the X-forwarded-For in http profile and modify the Webserver to use the X-forwarded-for value from header as client IP (not sure your firewall can see the http header value)
other way is to use the F5 interface/floating IP as default gateway in your backendservers and disable SNAT.
- vishu_chavan
hi ragu
Thanks for quick reply tried to apply suggest solution on virtual server
but still not getting orginial source ip address in firewall logs
If i only use snat ( without virtual server pool) i can get orginial source ip address in firewall logs
As i am running on oldest version of F5 kindly suggest apporiate workaround for mentioned version.
