AFM: Matching order between AFM rule and NAT

Question

Hi,&nbsp;
I have a question on AFM and matching order process between AFM Fw rule and LTM NAT.&nbsp;
When I create a new rule, which IP should I use ? Origin or translated IP ?&nbsp;
Best regards&nbsp;

thomas_gobet · Answer

Hi,&nbsp;
Which NAT are you talking about ?
If it's SNAT applied on a VS, you don't need to know it when you're on AFM.&nbsp;
SNAT is applied when the packet is leaving out your BIG-IP.&nbsp;

brahim94_11525 · Answer

Hi,&nbsp;
Thank you for the feedback,&nbsp;
OK so for the SNAT when I create rule, I have to use the origin IP. Is it the same thing for destination NAT (create via LTM -&gt; NAT List + Create) ?&nbsp;
Best regards,&nbsp;

thomas_gobet · Answer

It's the same for the NAT List, you have to use the "original" destination IP.&nbsp;
But be careful, it will be under Global level.&nbsp;

brahim94_11525 · Answer

OK, we are agree.&nbsp;
Thanks a lot&nbsp;

Forum Discussion

AFM: Matching order between AFM rule and NAT

4 Replies

Recent Discussions

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

Related Content

iRule Event Order Flowchart

Order of cookies

Class match with starts_with - Data group matching order

iRule operator evaluation order OR/AND

Load Balancing in a sequential order