Forum Discussion
You can use SNAT automap with X-forward profile to get client IP.
- Harry1, Sep 08, 2016, Nimbostratus
OK, if I use X-forwarder then I will be able to see the distributed lease pool IP of that client in my firewall, right?
- Harry1, Sep 08, 2016, Nimbostratus
I enabled x-forward in the HTTP profile but the actual client IP is not showing. Appreciate any help here.
- IainThomson85_1, Sep 08, 2016, Cumulonimbus
The X-Forwarded-For IP will only insert the "True IP" in the HTTP header; it won't change the IP that the firewall sees (unless it can use Layer 7 information).
Why are you using SNAT Automap in the first place? Is this to get round a routing issue in a One-Arm deployment?
Can you create a two-arm deployment so Automap isn't required?
- Harry1, Sep 08, 2016, Nimbostratus
Thanks Thomson, actually I can't change the architecture. We are using multiple modules like LTM, APM, GTM in production.
The firewall is seeing the correct public IP, that is OK, but as per the flow it will only see HTTP traffic whether the client will access RDP, FTP or anything, right? I want to see that public IP on the application server side. Say, for example, if I run Wireshark on the application server and the client starts RDP for this server, I only see the self IP.
- IainThomson85_1, Sep 08, 2016, Cumulonimbus
So, the first question I would ask.
Why are you using Automap in the first place?
If you're using it because the F5 isn't the DFGW for the servers you're connecting to, then you're going to have to play around with routing the traffic correctly some other way.
If there's no good reason you're using Automap, change the configuration.
- Harry1, Sep 08, 2016, Nimbostratus
OK, if I set "none" in the SNAT field, will it work when an outside client connects to network access and gets an IP from the defined lease pool?
- IainThomson85_1, Sep 08, 2016, Cumulonimbus
@Prak: I don't know your architecture, that's something you'll have to figure out.
- Harry1, Sep 08, 2016, Nimbostratus
I just connected the BIG-IP internal VLAN, one-arm mode. Not using an external and internal type of setup. Can anyone please help here? I tried an iRule and the HTTP profile, but the client IP is not visible on the application server side. The application is just an RDP server in my test lab, and on the same server I am also running IIS.
- IainThomson85_1, Sep 08, 2016, Cumulonimbus
Have a look at -