Netscaler to F5 migration: maintain client IP and responder policy
Hi everyone!
I am trying to get rid of netscaler infrastructure, but I am having trouble with one VS.
I have a single-arm setup environment with 1 VS balancing 2 nodes
Client(20.24.20.65) -> VS(10.60.128.40:8080 automap) -> Node (10.60.128.30/31:8080)
The node's app has ACLs and evaluates the client IP.
With Netscaler the app receives the client IP as the source, but with F5 the app receives the F5 NIC's IP as the source address.
On netscaler responder policies there is a list of allowed client IPs. I wonder if this could be configured in F5.
add responder policy Pol_Res_DROP True DROP
add responder policy Pol_Res_IP_Permit "CLIENT.IP.SRC.EQ(20.24.20.65)||CLIENT.IP.SRC.EQ(100.0.63.41)||CLIENT.IP.SRC.EQ(100.0.64.50)" NOOP
I would appreciate any advice.
Thanks!
No problem! Create an iRule as follows and apply this to the virtual server
when CLIENT_ACCEPTED {
    # Listed client IPs fall through to an empty body (allowed); all others are rejected
    switch [IP::client_addr] {
        20.24.20.65 -
        100.0.63.41 -
        100.0.64.50 { }
        default { reject }
    }
}
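Added example, not part of the original thread: a Python sketch that pulls the addresses out of a responder expression of the form shown in the question and renders the switch-based iRule from the answer. The function names are hypothetical, and it raises an error on any expression it cannot fully parse rather than emitting a different allowlist than the NetScaler policy enforced.

```python
import ipaddress
import re

# One term of the form used in the question's Pol_Res_IP_Permit policy.
_TERM = re.compile(r"CLIENT\.IP\.SRC\.EQ\(([^()]+)\)")


def extract_allowed_ips(expression):
    """Return the IPs from 'CLIENT.IP.SRC.EQ(a)||CLIENT.IP.SRC.EQ(b)||...'.

    Raises ValueError on anything else, so an AND, a negation or a subnet
    match is never silently converted into a plain allowlist.
    """
    ips = []
    for term in expression.strip().strip('"').split("||"):
        m = _TERM.fullmatch(term.strip())
        if m is None:
            raise ValueError(f"unsupported term: {term.strip()!r}")
        # IPv4Address rejects typos such as 100.0.64.500
        ip = str(ipaddress.IPv4Address(m.group(1).strip()))
        if ip not in ips:
            ips.append(ip)
    return ips


def build_irule(ips):
    """Render the switch-based iRule from the answer for the given IPs."""
    if not ips:
        raise ValueError("empty allowlist would reject every client")
    lines = ["when CLIENT_ACCEPTED {", "    switch [IP::client_addr] {"]
    for ip in ips[:-1]:
        lines.append(f"        {ip} -")  # '-' falls through to the next body
    lines.append(f"        {ips[-1]} {{ }}")
    lines += ["        default { reject }", "    }", "}"]
    return "\n".join(lines)


# Expression copied from the question's responder policy.
SAMPLE = ('"CLIENT.IP.SRC.EQ(20.24.20.65)||CLIENT.IP.SRC.EQ(100.0.63.41)'
          '||CLIENT.IP.SRC.EQ(100.0.64.50)"')

if __name__ == "__main__":
    print(build_irule(extract_allowed_ips(SAMPLE)))
```
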