Can we identify the original src address of a packet after snat automap ????

Question

We have a Perf l4 vip so it seems we can't use xff to identify the original source ip ?? Is there any other way such as connection tables etc to identify the src ?? The issue is our client had an issue with some devices doing logins with bad passwords thus locking everyone out and the src address appeared as our floating ip due to SNAT, so they want us to be able to identify the original src versus the snat ip ?

kohli9harjeev · Answer

Hi,&nbsp;
If you need the IP only,then you use the following irule and forward the logs to any SIEM server for historical data if you want to keep it&nbsp;
when CLIENT_ACCEPTED {&nbsp;
log local0. "IP: [IP::client_addr] accessed the application"&nbsp;
}&nbsp;
Regards&nbsp;

Forum Discussion

Can we identify the original src address of a packet after snat automap ????

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Can't identify cookie

Decoding the IPv4 address from the persistence cookie

CSV to Address External Datagroup File

Unique Identifier for irules Http response

SNAT IP address logging