Forum Discussion
MichaelatF5
Feb 08, 2016Employee
A good rule of thumb, is Most Specific First.
To be specific about it:
- Existing Connections
- Packet Filter
- Virtual Server
- SNAT
- NAT
- SELF-IP
- DROP
However, if you have a wildcard VS that is LESS specific than your SNAT entry, then SNAT will win. If you have existing VS that are configured specifically for application traffic (Source, Destination, Protocol, Port, etc) that will win over a WC Virtual Server with NO PORT, NO DESTINATION, NO SUBNET, etc.