Forum Discussion
Feb 20, 2017
The F5 will not need any additional routing. The BIG-IP is a full proxy. This results in two TCP connections: clientside and serverside. So for your example these will be:
client:123.1.1.1 -> F5 VIP 10.0.1.15 (clientside)
F5 SNAT 10.0.1.25 -> SRV 10.0.1.60 (serverside)
There will be no drops on the firewall due to spoofing, because the firewall will only see the legitimate clientside connection. The serverside connection will not pass the firewall because it's a connection within the same vlan.