create 0.0.0.0:0 Fordarding IP VS(0.0.0.0:443 Standard tcp VS) is caused by the http-explicit profile's attribute Explicit Proxy>>Default Connect Handling Deny. If its value set to Allow, all 0 VS may not be required
Select the snatpool based on the white list domain name. I use the switch to match. If you want to expand the scope, you can use the class match to match.
Tips:explict VS and 0.0.0.0:0 VS do not need to enable Automap, and 0.0.0.0 VS do not need to use http profile,only use tcp profile can also work
iRules name is http_explict_snatpool_irules
when HTTP_PROXY_REQUEST {
log local0. "[HTTP::method] [HTTP::uri]"
switch [string tolower [URI::host [HTTP::uri]]] {
"www.bestpay.com" {
snatpool snatpool_explict_white
}
"default" {
snatpool snatpool_explict_default
}
}
}
explict VS config:
list ltm virtual https_vs_explict
ltm virtual https_vs_explict {
creation-time 2022-11-02:13:12:21
destination 10.199.3.10:3128
ip-protocol tcp
last-modified-time 2022-11-16:21:11:57
mask 255.255.255.255
profiles {
new_http_explict_proxy { }
tcp { }
}
rules {
http_explict_snatpool_irules
}
serverssl-use-sni disabled
source 0.0.0.0/0
translate-address enabled
translate-port enabled
vlans {
vlan-HA
}
vlans-enabled
vs-index 49
}
0.0.0.0:443 Standard tcp VS config:
list ltm virtual VS_explict_2022
ltm virtual VS_explict_2022 {
creation-time 2022-11-03:10:09:21
destination 0.0.0.0:https
ip-protocol tcp
last-modified-time 2022-11-16:21:27:50
mask any
profiles {
tcp { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
translate-address disabled
translate-port disabled
vlans {
my_httptunnel
}
vlans-enabled
vs-index 39
}
ltm snatpool snatpool_explict_default {
members {
10.20.20.177
}
}
ltm snatpool snatpool_explict_white {
members {
10.20.20.170
}
}