Confirmation of Precedence for SNAT vs WC VS

Question

It looks like we're gong to have to deploy a wildcard VS with an irule to perform selective SNATs for a couple of applications. Since we have many other applications already deployed that could be caught by this wildcard, what is the best way to handle these? I can't quite tell from the precedence doc if the existing defined SNATs for the other applications will pick them up prior to the wildcard VS grabbing the traffic.

michaelatf5 · Answer

A good rule of thumb, is Most Specific First.&nbsp;
To be specific about it:&nbsp;
Existing ConnectionsPacket FilterVirtual ServerSNATNATSELF-IPDROP
However, if you have a wildcard VS that is LESS specific than your SNAT entry, then SNAT will win.  If you have existing VS that are configured specifically for application traffic (Source, Destination, Protocol, Port, etc) that will win over a WC Virtual Server with NO PORT, NO DESTINATION, NO SUBNET, etc.&nbsp;

Forum Discussion

Confirmation of Precedence for SNAT vs WC VS

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Verifying Local Traffic Policy and iRule Precedence

Knowledge sharing: Order of precedence for BIG-IP modules, ASM DDOS Protection, Bot Protection

SNAT IP address logging

SNAT pool persistence

F5 SMTP Fast Template - SNAT Not working as expected