Forum Discussion

Nimbostratus

Aug 11, 2011

SNAT - Do i need it?

Hi, We have a LTM which has a standard HTTP VIP with a pool of ISA proxy servers. SNAT automap is enabled for this VIP. The guys who manage the proxys have said that they need to s...

config

design

nathe

Cirrocumulus

Aug 11, 2011

Luca

SNAT is great in the one-armed setup whereby the LTM isn't the default gateway to ensure return traffic goes via the LTM, and that's the need I have here at my org. If you disable SNAT you'll need to ensure that there is a route back from the ISA servers to the original clients that goes via the LTM, else out of state issues will occur, for example. As for internet traffic the isa will proxy the traffic anyway so that will be the source as far as the internet webservers are concerned.

You could add the x-forwarded-for profile to the VIP, whilst using SNAT, although that would require that the ISA server can read this field in the header. Not sure about ISA I'm afraid.

Forum Discussion

SNAT - Do i need it?

Recent Discussions

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

Related Content

It's a Kubernetes world and I'm just living in it

SNAT IP address logging

What is SMTP Smuggling and how can you deal with it?

SNAT pool persistence

WorldTech IT - Who Ya Gonna Call? Scary Hack Story