Tuesday, 10 February 2026

F5 SNAT

One-ARM topology when the F5 load balancer is not configured as the server's gateway

In the topology below, there are two traffic flows.

1- Client ============= F5 VIP IP

2- F5 does destination NAT by default, so the client IP remains the same and the VIP IP is translated to the pool member IP address.

3- Suppose it selects 192.168.10.3 as the pool member.

4- Now the server will respond, but the server's gateway is not the F5 load balancer, and the server does not have the client IP address information in its routing table.

5- The server will send the reply to its gateway, where the L3 switch or router will respond and not the F5. This will be asymmetric routing.

6- But when we enable SNAT automap or a SNAT pool, the client IP is translated to the self IP address (suppose 192.168.10.10). The server now sees 192.168.10.10 as the source IP the request came from.

7- Now the server will respond to 192.168.10.10, not to the WAN/L3 device, so the traffic will go via the F5 load balancer only.
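The steps above can be traced with a small model of the server's routing decision. This is an added example, not code from the original post or from F5. The pool member and self IP come from the post; the /24 mask, gateway 192.168.10.1, VIP 192.168.10.100 and client 203.0.113.25 are assumed values.

```python
import ipaddress
from dataclasses import dataclass

# From the post: pool member 192.168.10.3, F5 self IP 192.168.10.10.
# Assumed for illustration: /24 server subnet, gateway .1, VIP .100, client IP.
SERVER_NET = ipaddress.ip_network("192.168.10.0/24")
POOL_MEMBER = ipaddress.ip_address("192.168.10.3")
F5_SELF_IP = ipaddress.ip_address("192.168.10.10")
SERVER_GATEWAY = ipaddress.ip_address("192.168.10.1")  # L3 switch/router (assumed)
VIP = ipaddress.ip_address("192.168.10.100")           # assumed
CLIENT = ipaddress.ip_address("203.0.113.25")          # constructed client

@dataclass
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address

def f5_forward(request, snat_automap):
    """Destination NAT always (VIP -> pool member); source NAT only with SNAT."""
    src = F5_SELF_IP if snat_automap else request.src
    return Packet(src=src, dst=POOL_MEMBER)

def server_next_hop(reply):
    """Server routing: on-subnet destinations are delivered directly,
    everything else is handed to the default gateway."""
    return reply.dst if reply.dst in SERVER_NET else SERVER_GATEWAY

def trace(snat_automap):
    request = Packet(src=CLIENT, dst=VIP)
    to_server = f5_forward(request, snat_automap)
    reply = Packet(src=to_server.dst, dst=to_server.src)
    hop = server_next_hop(reply)
    via_f5 = hop == F5_SELF_IP
    # Only the F5 can rewrite the reply source back to the VIP.
    src_seen_by_client = VIP if via_f5 else reply.src
    return {
        "server_sees_src": str(to_server.src),
        "reply_next_hop": str(hop),
        "symmetric": via_f5,
        "client_accepts": src_seen_by_client == request.dst,
    }

if __name__ == "__main__":
    for mode in (False, True):
        print("SNAT automap" if mode else "no SNAT", trace(mode))
```

Without SNAT the reply leaves through the gateway with the pool member as its source, so the client, which connected to the VIP, does not match it to its connection.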


