Sulabh_Srivasta
Mar 19, 2019

XFF and SNAT IP in header

Hi All,

I have client SSL and server SSL configured on a Virtual Server; that VIP also has SNAT and XFF configured. So when the back-end servers get the packet, it has the client info and the SNAT IP as well in the header.

Is this normal behavior? The server team wants only the client info and not the SNAT IP. Is there a way to suppress it?

Thanks

2 Replies

  • The way that the XFF header works is it takes the original client IP, the one connecting to the F5 device, and puts it in the XFF header. This is to get around the issue of the source IP being changed that comes from the F5 proxying the connection. When the backend server receives the data, it should have a source IP of the F5 SNAT IP and a header with the original client IP. If this is not what you are seeing, something is messing up. If this is what you are seeing but you want the source IP to be the IP of the original client and there to be no IP address from the F5, you would have to disable SNAT. Be careful with this though as it can cause an asymmetrical routing path that is hard to predict. If all the backend servers have the F5 as their default gateway, then you can disable SNAT safely.

     

    If you have any more questions, I am sure I can help.
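Added example, not part of the reply above: a sketch of how a backend could recover the client IP in the setup described, where the TCP source address is the F5 SNAT IP and the original client IP arrives in X-Forwarded-For. The SNAT range `192.0.2.0/28` and the function names are assumptions for illustration; the header is honored only when the connection really comes from a SNAT address, because any client can send its own X-Forwarded-For.

```python
import ipaddress

# Assumed SNAT pool of the load balancer (documentation range, not from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(text):
    """Return an ip_address object, or None for junk such as 'unknown'."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def effective_client_ip(peer_ip, xff_values):
    """peer_ip: TCP source address the server sees.
    xff_values: every X-Forwarded-For header line of the request, in order."""
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted(peer):
        # Not delivered by the proxy: the header is client-controlled, ignore it.
        return str(peer)
    # Several header lines are equivalent to one comma-separated list.
    hops = [h for value in xff_values for h in value.split(",") if h.strip()]
    # Walk right to left: the rightmost entry was written by the nearest proxy.
    for hop in reversed(hops):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: stop trusting the rest of the chain
        if not _is_trusted(addr):
            return str(addr)
    # No usable entry: fall back to the address of the TCP peer.
    return str(peer)
```

Use the returned address for logging and access decisions instead of the first value in the header, which is the entry a client can set itself.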

     
