NimbostratusWe are load balancing AD servers for LDAPS and are wondering if there is anyway to see the real client IP instead of the F5 source NAT.
CirrusTo obtain the source IP address of the client rather than the self-ip/SNAT address of the F5, you must do the following:
*The F5 will have to have layer 2 adjacency to the AD server(s). In other words, at least one F5 interface will need to have VLAN configuration on the same VLAN(s) as the AD server(s)
NimbostratusUnfortunately, I was hoping for a better solution as I didn't want to have to make a bunch of configuration changes to make this work. Thanks
CirrusFor future reference, web based applications can obtain the true client IP address by way of the x-forwarded-for header. This approach eliminates the need for network reconfiguration:
https://support.f5.com/csp/article/K4816
NimbostratusTo obtain the source IP address of the client rather than the self-ip/SNAT address of the F5, you must do the following:
*The F5 will have to have layer 2 adjacency to the AD server(s). In other words, at least one F5 interface will need to have VLAN configuration on the same VLAN(s) as the AD server(s)
NimbostratusUnfortunately, I was hoping for a better solution as I didn't want to have to make a bunch of configuration changes to make this work. Thanks
NimbostratusFor future reference, web based applications can obtain the true client IP address by way of the x-forwarded-for header. This approach eliminates the need for network reconfiguration:
https://support.f5.com/csp/article/K4816