kevin5866_19733
Oct 05, 2018

Can a Health Check be sourced from a SNAT address rather than the F5 self-ip?

Can a Health Check be sourced from a SNAT address rather than the F5 self-ip? My Security team is asking for each application to have its own SNAT address, which seems great until we come to the realization that my health checks and application traffic will be sourced from different addresses. We are currently running 13.1.1.

 

2 Replies

  • Hey Kevin,

     

    I'm afraid you cannot specify which IP address you want to use for health monitoring. It will use the non-floating self-IP address for the egress VLAN that's determined by the routing table.

     

    I have seen examples of people using an external monitor and using netcat to define the source IP address.

     

    I have also seen examples of people suggesting to create a virtual server made for monitoring, and then applying a SNAT pool on that virtual server. Then create a custom monitor with an alias address and port of the monitor virtual server so traffic passes through it and gets SNATed. But I have never tried it myself.

     

    I hope this gives some clarification and assistance.
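
One way to write the external monitor with netcat mentioned in the reply above, as an added example that is not code from the thread or from F5. `SRC_IP` and `NC` are hypothetical monitor variables; it assumes the chosen source address is one the BIG-IP host can bind to and that the installed `nc` supports `-s`, `-z` and `-w`.

```shell
#!/bin/sh
# Added example: external-monitor script that probes a pool member from a
# chosen source address. SRC_IP and NC are hypothetical variable names that
# would be supplied as variables on the external monitor object.

# BIG-IP passes the member address as $1 in IPv4-mapped form (::ffff:a.b.c.d).
normalize_node() {
    printf '%s\n' "${1#::ffff:}"
}

# Accept only a dotted quad, so a mistyped or malformed variable fails closed
# (member marked down) instead of reaching the nc command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    rest=$1.
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints "UP" only when the TCP connect from SRC_IP succeeds. An external
# monitor treats any output on stdout as success and silence as failure.
probe() {
    node=$(normalize_node "$1")
    port=$2
    valid_ipv4 "$SRC_IP" || return 1
    valid_ipv4 "$node" || return 1
    if ${NC:-nc} -s "$SRC_IP" -z -w 3 "$node" "$port" >/dev/null 2>&1; then
        echo "UP"
    fi
}

# Run the probe only when invoked with the member address and port.
if [ "$#" -ge 2 ]; then
    probe "$1" "$2"
fi
```

Because the firewall rule for the application would be written against `SRC_IP`, a probe that cannot bind to that address stays silent and the member goes down, which surfaces the mismatch rather than hiding it behind a different source address.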

     

  • Hi everyone,

    I actually have a similar need to change the monitoring source-ip, and have indeed used the proposed method of using a SNAT pool + VS to capture the traffic that passes through and all. The result seemed to be promising, and while using the "test" button under the monitor the traffic did undergo the SNAT I intended it to.

    The problem appeared only when I decided to use this monitor and associate it to the desired pool; in that case no SNAT is occurring.

     

    Have you come to a solution since this was posted? Any advice would be happily accepted.

    cheers,