Nimbostratus
NoctilucentYou can use SNAT automap with X-forward profile to get client IP.
Nimbostratusok, if I will use X-forwarder then I will be able to see distributed leas pool ip of that client in my firewall right?
NimbostratusI enabled x-forward in http profile but actual client ip is not showing . appreciate any help here.
CumulonimbusThe X-Forward-For IP will only insert the "True ip" in the HTTP Header, it won't change the IP that the firewall sees (Unless it can use Layer7 information)
Why are you using SNAT AUtomap in the firstplace ? Is this to get round a routing issue in a One-Arm deployment?
Can you create a two-arm deployment so Automap isn't required ?
NimbostratusThanks Thomson, actually I cant change the architecture . we are using multiple modules like LTM,APM,GTM in production.
Firewall is seeing correct public ip that is ok but as per flow it will only see http traffic whether client I=will access rdp,ftp or anything right? I want to see that public ip in application server side say for if I run wireshark on application server and client starts RDP for this server, I only see selfip ..
CumulonimbusSo, the first question I would ask.
Why are you using Automap in the first place ?
If you're using it because the F5 Isn't the DFGW for the servers you're connecting to, then you're going to have to play around with routing the traffic correctly some other way.
If there's no good reason you're using automap - Change the configuration.
Nimbostratusok, If I will set "none" in snat field, will it work when outside client will connect network access and get an ip from defined lease pool?
Cumulonimbus@Prak: I don't know your architecture, that's something you'll have to figure out.
Nimbostratusjust connected bigip internal vlan . one arm mode. not using external and internal type of setup. can anyone please help here. I tried irule, http profile but client ip is not visible at application server side. application is just a RDP server in my test lab. and in same server I am also running IIS .