Donster_297784
Nov 02, 2016

F5 Default Gateway Request

Hey guys,

 

So I have half of my pool of servers pointing to the F5 as the default gateway and the other half pointing to the firewall. Is there any way I can see which ones are pointing to the F5, somehow checking default gateway ARPs or something, on the F5 without having to involve a server team?

 

5 Replies

  • My .02. Feel free to correct me.

     

    IIRC --

     

    If your servers are pointing to your F5's Self IPs as their gateway, your VIP will not have a SNAT set up; it will be configured as "None." If you have "Auto Map" configured, your servers will use one of the Self IPs that you have set up for that VLAN segment. If you have "NONE" set up for the VIP and the servers do not have the F5 as their gateway, traffic will fail.

     

    Also, if you do a tcpdump for a VIP IP, you will see the IPs that are talking to the F5.

     

  • Shaun is onto a method that might work although it's not foolproof. If you can match a pool member with the virtual server that load balances to it, then check the virtual server's Source Address Translation (SNAT) setting, that may clue you in as to which pool members (servers) have BIG-IP as their default gateway and which don't. I say it's not foolproof for this reason: although a server whose default gateway IS NOT the BIG-IP system must be load balanced to with a virtual server that's using SNAT, it is perfectly acceptable to use SNAT even if the server's default gateway IS the BIG-IP system. So there's no guarantee. (Some F5 customers use SNAT everywhere regardless of the server's default gateway configuration - just in case!)

     

  • Thanks guys, but this is OUTBOUND from the servers' perspective.

     

    Any other ideas?

     

  • You should be able to use the connection table to verify. If you look at the connections hitting the virtual server handling your outbound default traffic, the pool members that default to the FW should be absent from that filtered view.

    You can do this on the command line like so:

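    # poolmems is a bash array holding the pool member IPs to check
    poolmems=(192.168.103.20 192.168.103.21)
    for i in "${poolmems[@]}"; do echo "$i"; tmsh show sys conn cs-client-addr "$i" cs-server-addr 192.168.103.50; done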
    192.168.103.20
    Sys::Connections
    Total records returned: 0
    192.168.103.21
    Sys::Connections
    Total records returned: 0
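
Added example, not part of the original thread: a small script that summarises saved output of the loop above, so that a long member list can be triaged at a glance. The function names, the third member (192.168.103.22) and its connection row are constructed for illustration. The connection table is a point-in-time view, so a member with zero records may simply have had no outbound connections open at capture time.

```shell
#!/bin/sh
# Added example, not from the thread: summarise saved output of the loop above.

# Constructed sample. The first two records are the ones shown in the post;
# the third member and its (approximate) connection row are made up.
sample_output() {
cat <<'EOF'
192.168.103.20
Sys::Connections
Total records returned: 0
192.168.103.21
Sys::Connections
Total records returned: 0
192.168.103.22
Sys::Connections
192.168.103.22:51514  192.168.103.50:443  tcp
Total records returned: 1
EOF
}

# Reads loop output on stdin, prints "<member> <records> <verdict>" per member.
classify_members() {
    awk '
        # A bare IPv4 address (the echo line) starts a new member record;
        # connection rows carry ":port" and so do not match.
        /^[ \t]*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ \t]*$/ {
            if (ip != "") print ip, "?", "no-total-line"
            gsub(/[ \t]/, ""); ip = $0; next
        }
        /Total records returned:/ && ip != "" {
            n = $NF + 0
            print ip, n, (n > 0 ? "conns-seen" : "no-conns-seen")
            ip = ""
        }
        # A member whose tmsh call failed leaves no total line behind.
        END { if (ip != "") print ip, "?", "no-total-line" }
    '
}

# Members to follow up on: nothing in the table at capture time.
members_without_conns() {
    classify_members | awk '$3 != "conns-seen" { print $1 }'
}

sample_output | classify_members
```

Running the capture several times and only trusting members that stay at zero across all runs reduces false negatives from idle servers.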