From CSS to F5 snat clarification

Question

Having taken over a project to replace our inline CSS with an F5, I can see on the CSS snat is being used on every VIP.  Am I correct in saying snat is not needed when the load balancer is inline? It’s confusing me why it is configured on the CSS, I know it is needed in one arm mode. So In my case with the F5 being the default gateway for the servers the VIP would look like this (converted from CSS with snat).&nbsp;
Comments / clarification welcome.&nbsp;
Thanks.&nbsp;
 &nbsp;
pool LoadTest_IIS {&nbsp;
     monitor all status-html&nbsp;
     lb method least conn&nbsp;
     member 10.61.4.2:80&nbsp;
     member 10.61.4.1:80&nbsp;
}&nbsp;
virtual LoadTest_IIS {&nbsp;
    pool LoadTest_IIS_LoadTest-Catchall&nbsp;
    destination 10.61.101.100:80&nbsp;
    profiles {&nbsp;
          tcp {}   &nbsp;
    }&nbsp;
    snat automap&nbsp;
    persist source_addr&nbsp;
}&nbsp;

nitass · Answer

Am I correct in saying snat is not needed when the load balancer is inline?yes 
&nbsp;  
&nbsp; So In my case with the F5 being the default gateway for the servers the VIP would look like this (converted from CSS with snat).it looks okay to me. by the way, if client is behind proxy, you may try cookie persistence (http profile is required) instead of source address.

craig_17766 · Answer

Thanks for the clarification :)

Forum Discussion

From CSS to F5 snat clarification

2 Replies

Recent Discussions

MAC address not showing up in LLDP packet

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Related Content

LTM Policy Options Clarification

SNAT IP address logging

Clarification about WebSocket and ASM

SNAT pool persistence

F5 SMTP Fast Template - SNAT Not working as expected