Lapsio
Dec 16, 2018 Altostratus
How to configure source NAT for health monitors?
I have the following deployment scenario:
dmz firewall --- F5-BIGIP --- internal firewall/router --- servers
The F5 acts as a gateway and uses the 192.168.0.0/24 subnet on the VLAN facing the internal firewall. Virtual servers don't use source NAT. The internal firewall filters out all packets with a private source IP incoming to the gateway interface, so all health monitor requests are rejected by the internal firewall (as they originate from 192.168.0.0/24).
Is there any way to perform SNAT on health monitors to make them originate from our WAN IP?
I wanted to use iptables prerouting srcnat, but it doesn't seem to be available on F5. There doesn't seem to be arbitrary SNAT functionality either. Would AFM allow me to achieve such behavior?