Forum Discussion

kenny_50210's avatar
kenny_50210
Icon for Nimbostratus rankNimbostratus
Jan 05, 2015

question and help regarding SNAT

Hello, I have a webpage that has a video section hosted by a third party.

 

External Client >> F5 APM >> WebPage >> 3rd party video server

 

The 3rd party video server will only accept connections coming from the F5 SNAT or the F5 external facing external IP.

 

So with this said, I setup SNAT so that my external clients IP address will be rewritten to the SNAT address so that the 3rd party video site will accept my incoming connection. However, this is not the case, every time after logging into the APM and then access the 3rd party video link from my webpage I receive an error. I checked with our 3rd vendor and they said that I was blocked because my IP address that I was sourcing from was not from either of the SNAT address or the F5 external facing IP address.

 

Should I use SNAT in this case or an irule or am I totally of base here? Any help in the right direction will be great appreciated.

 

Not sure if I am making any sense but please let me know if I can clarify anything.

 

Thanks!

 

APM
application delivery
deployment
design
devops
iRules
LTM
security

5 Replies

Sort By
  • Amit_Karnik's avatar
    Amit_Karnik
    Icon for Nimbostratus rankNimbostratus
    Jan 05, 2015

    Is the video site a portal access ? or a webtop link ?

     

    If it is a webtop link, then the APM just sends a redirect to the external client browser and the external client browser connects to the link as-if it is going there directly. This is what I suspect is happening.

     

  • kenny_50210's avatar
    kenny_50210
    Icon for Nimbostratus rankNimbostratus
    Jan 06, 2015

    Hi Amit, this is not a webtop link. We are only using APM for auth and SSO. All of the content is on the webpage.

     

    Thanks

     

  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Jan 06, 2015

    Is the traffic from the client (web browser) to the third party? if so, you cannot control the IP used there, at least not from the F5 device.

     

  • kenny_50210's avatar
    kenny_50210
    Icon for Nimbostratus rankNimbostratus
    Jan 06, 2015

    Hi Mohamed, I just found out that the 3rd party accepts referer information so we are going to try this route. fingers crossed.

     

    thanks!

     

  • Amit_Karnik's avatar
    Amit_Karnik
    Icon for Nimbostratus rankNimbostratus
    Jan 06, 2015

    Another thing you could try is in the APM policy, add an explicit SNAT assignment, via the "Route Domain and SNAT Selection" in the Assignment tab of the VPE