Forum Discussion
AltocumulusRestricting access to a virtual server by Public IP address should access through only domain name.
seems you have not used your Domain certificate under client ssl profile , check thebelow link to upload your CA domain certificate and key to bigip and followed to that you need to create client ssl profile point to your Domain certificate/key and any chain certificate.
https://my.f5.com/manage/s/article/K14620#3
once done you check your domain for any ssl issue by running test in below link
https://www.sslshopper.com/ssl-checker.html
CirrostratusAs you have enabled SNAT, you will see the F5 interface or SNAT pool ip in your backendserver logs or Any firewall in between as source IP.
one way to get the actual client IP in server for HTTP based traffic is to use the X-forwarded-For in http profile and modify the Webserver to use the X-forwarded-for value from header as client IP (not sure your firewall can see the http header value)
other way is to use the F5 interface/floating IP as default gateway in your backendservers and disable SNAT.
Altocumulushi ragu
Thanks for quick reply tried to apply suggest solution on virtual server
but still not getting orginial source ip address in firewall logs
If i only use snat ( without virtual server pool) i can get orginial source ip address in firewall logs
As i am running on oldest version of F5 kindly suggest apporiate workaround for mentioned version.
