cancel
Showing results for 
Search instead for 
Did you mean: 

External Load Balancer question

We've been using F5 for load balancing our MWGv7 appliances and have recently found that the F5 passes the client source IP to the MWG in the X-Forwarded-For (XFF) field, and that we lots of traffic reaching the MWG with the F5 address as the client source IP. This can be seen in both MWG access logs and packet traces. This configuration appears to work but results in debugging problems (can't isolate Connection Traces to a single IP) and some web application problems.

Has anyone else using F5 encountered this? How can the F5 be configured to send the true source IP and not inject the XFF field?

Mike

1 Reply
Highlighted
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: External Load Balancer question

Hi Mike,

The F5 would need to perform IP spoofing when sending requests to the MWG. This way the MWG will see the original client IP instead of the F5 IP.

Otherwise it will need to send the XFF if it's setup in a proxy mode as you have it now.

Best Regards,

Jon

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community