Hi PATLOC,
To catch outgoing traffic, you will need a virtual server (network 0.0.0.0/0, performanceL4, all-protocols, iRule assigned).
ltm virtual virtual_outbound_wildcard {
    destination any:any
    mask any
    profiles {
        fastL4 { }
    }
    rules {
        rule_selective_snat
    }
    translate-address disabled
    translate-port disabled
    vlans {
        VLAN-Front-End
    }
    vlans-enabled
}
The iRule looks as follows:
when CLIENT_ACCEPTED {
    switch [IP::client_addr] {
        "20.33.2.2" -
        "20.33.2.3" {
            snatpool snatpool_CLD-REN
            pool pool_gateway-EQX-RET
        }
        default {
            snatpool snatpool_CLD-SMTP-WEB
            pool pool_gateway-EQX
        }
    }
}
The iRule is referencing the individual next hop pools (each containing your specific default gateways) and SNATpools as follows:
ltm snatpool snatpool_CLD-REN {
    members {
        185.4.25.203
    }
}
ltm snatpool snatpool_CLD-SMTP-WEB {
    members {
        217.69.24.64
    }
}
To activate SNAT for all protocols (including ICMP; by default only TCP/UDP will be SNATed), please run the following command:
tmsh modify sys db snat.anyipprotocol value enable
Thanks, Stephan
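
Added example, not part of the original post: a small offline check that every pool and snatpool the iRule selects has a matching stanza in the configuration text you feed it. The function names are hypothetical, and the sample input is constructed from the snippets in the post, which show the two snatpools but not the two gateway pools.

```python
import re

# Constructed sample: the snatpool stanzas shown in the post above.
CONFIG = """\
ltm snatpool snatpool_CLD-REN {
    members {
        185.4.25.203
    }
}
ltm snatpool snatpool_CLD-SMTP-WEB {
    members {
        217.69.24.64
    }
}
"""
# The iRule from the post above.
IRULE = """\
when CLIENT_ACCEPTED {
    switch [IP::client_addr] {
        "20.33.2.2" -
        "20.33.2.3" {
            snatpool snatpool_CLD-REN
            pool pool_gateway-EQX-RET
        }
        default {
            snatpool snatpool_CLD-SMTP-WEB
            pool pool_gateway-EQX
        }
    }
}
"""
# Top-level "ltm pool NAME {" / "ltm snatpool NAME {" stanzas define objects.
DEF_RE = re.compile(r"^ltm (pool|snatpool) (\S+) \{", re.M)
# iRule commands "pool NAME" / "snatpool NAME"; only literal names are matched.
REF_RE = re.compile(r"^[ \t]*(pool|snatpool)[ \t]+(\S+)[ \t]*$", re.M)

def defined_objects(config):
    return set(DEF_RE.findall(config))

def referenced_objects(irule):
    return set(REF_RE.findall(irule))

def missing_definitions(config, irule):
    """Objects the iRule selects that have no stanza in the supplied config."""
    return sorted(referenced_objects(irule) - defined_objects(config))

if __name__ == "__main__":
    for kind, name in missing_definitions(CONFIG, IRULE):
        print(f"iRule uses {kind} {name}: no 'ltm {kind} {name}' stanza supplied")
```

Run against the snippets as posted, it lists pool_gateway-EQX and pool_gateway-EQX-RET, the two next-hop pools whose definitions still have to be supplied alongside the snatpools.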