Netscaler to F5 migration mantain client IP and responder policy

Question

Hi everyone!&nbsp;
I am trying to get rid of netscaler infrastructure, but I am having trouble with one VS.&nbsp;
I have a single-arm setup environment with 1 VS balancing 2 nodes&nbsp;
Client(20.24.20.65) -&gt; VS(10.60.128.40:8080 automap) -&gt; Node (10.60.128.30/31:8080)&nbsp;
The node's app has ACLs and evaluates the client IP.&nbsp;
With Netscaler the app receives the client IP as the source, but with F5 the app receives F5 nic's ip as the source address.&nbsp;
On netscaler responder policies there is a list of allowed client IPs. I wonder if this could be configured in F5.&nbsp;
add responder policy Pol_Res_DROP True DROP
add responder policy Pol_Res_IP_Permit "CLIENT.IP.SRC.EQ(20.24.20.65)||CLIENT.IP.SRC.EQ(100.0.63.41)||CLIENT.IP.SRC.EQ(100.0.64.50)" NOOP&nbsp;
I would appreciate any advice.&nbsp;
Thanks!&nbsp;

kevin_davies_40 · Accepted Answer

No problem! Create an iRule as follows and apply this to the virtual server
when CLIENT_ACCEPTED {
  switch [IP::client_addr] {
    20.24.20.65 -
    100.0.63.41 -
    100.0.64.50 { }
    default { reject }
  }
}

luis_125085 · Answer

It worked like a charm.&nbsp;
Thank you very much Kevin!!!&nbsp;

Forum Discussion

Netscaler to F5 migration mantain client IP and responder policy

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

F5 Rseries HA

Related Content

Getting Started with BIG-IP Next: Migrating an Application Workload

F5 BIG-IP per application Red Hat OpenShift cluster migrations

Citrix Netscaler to F5 BIG-IP

Edge to Pulse: IP Geolocation Database Migration

uCS platform-migrate