Forum Discussion
Stanislas_Piro2
Aug 17, 2017Cumulonimbus
Hi,
First, BigIP is not only a load balancer... but also a firewall, a reverse proxy, a SSL VPN gateway, a DNS server, a Web Application Firewall...
Reading K12837, SNAT does not demote PVA in version 11.2.1 and later.
There is not really best practice but configuration without SNAT is better to keep client IP on server side connection.
HTTP connections support X-Forwarded-For header to insert client IP even if SNAT is enabled.
for all other protocols, SNAT may cause some limitations. for example, if you load balance SMTP connection with SNAT, AntiSPAM feature may be limited.