LTM and GlobalScape EFT Server IP access/ban list...

Question

I am trying to place our EFT Enterprise Server behind our Big-IP using LTM. The configuration works and the traffic passes through using SSL bridging. However, the EFT server only sees the self-ip/floating-ip addresses since AutoMap/SNAT is enabled. Because of this reason, the IP access/ban list feature on the EFT server cannot be put to use. The EFT server cannot see or act on the original client IP that is inserted on the X-Forwarded-For header. The default source address persistence settings do not pass the original ip addresses.&nbsp;
Any help will be most welcomed. Thank you!&nbsp;

jg · Answer

Well, if you want to keep Globalscape's support, you may want to follow its advice on this at:&nbsp;
https://kb.globalscape.com/KnowledgebaseArticle11314.aspx .&nbsp;
EFT does not seem to be able to support the workaround using tcp options field as described in https://devcentral.f5.com/wiki/iRules.TCP__option.ashx .&nbsp;

carlos_colon_24 · Answer

Thank you, Jie! I had called GlobalScape support and they did not mentioned this article. It is very very helpful. I really appreciate you sharing it with me and the rest of the info.&nbsp;
I am going to see if I can set up using the F5 devices as the servers' gateway. &nbsp;

Forum Discussion

LTM and GlobalScape EFT Server IP access/ban list...

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

About custome Response Blocking Page

Related Content

F5 402 Exam reading list and notes

List BIG-IP Next Instance Backups on Central Manager

GTM- Zone list (Offline (Enabled) - Failed AXFR)

Intermediate iRules: Handling Lists

list ltm profile