The elite of DC has spoken but I just wanted to add a small note on OneConnect. It's an awesome feature but you should be aware of some things if the following conditions are true:
- You are not source NAT:ing your traffic already
- You depend on source IPs in your server logs (most people do)
- You want to enable OneConnect
Then make sure that the X-Forwarded-For headers are inserted on the F5 and that the servers can read them. Otherwise you'll see some strange traffic patterns in the server logs. 🙂
More about XFF here:
https://support.f5.com/csp/article/K4816
Kind regards,
Patrik