Forum Discussion

pedinopa_170325's avatar
pedinopa_170325
Icon for Nimbostratus rankNimbostratus
Mar 29, 2016

Automap / Snat

I wrote an irule to redirect traffic to specific web servers. As part of this I want to mask all traffic so it looks like on the F5 is talking to the webserver so I enabled AUTOMAP. When I look at the IIS logs the http get request has the client IP not the f5 IP (looks like automap isn't working or doing what I thought). Should I be using SNAT instead?

 

6 Replies

  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    Automap uses SNAT, so you should be seeing the BIG-IP's address as the source. I'm wondering if you are injecting the X-Forwarded-For header. If so, the web server may be using that for the logs. It would have to be configured that way on the OWS for this to be the case, though.
  • If you have enabled Source Address Translation but it is not having an effect, please open a support case.
  • I think I need a intelligent snat because the webservers are on different subnets than the F5
  • Hi Pedinopa, What are the gateways of your servers, is it the BIG IP? This could be the reason why the client IP is still passing.
  • You say you wrote an iRule for REDIRECTING traffic to a specific webserver. That would force the client to open a totally new tcp connection to that server directly after receiving the redirect from the f5, in which case the SNAT setting (automap or SNAT pool) of your virtual processing the iRule will have no effect. That is probably the reason why you see the real client IP in your webserver logfiles.