We've been using F5 for load balancing our MWGv7 appliances and have recently found that the F5 passes the client source IP to the MWG in the X-Forwarded-For (XFF) field, and that we lots of traffic reaching the MWG with the F5 address as the client source IP. This can be seen in both MWG access logs and packet traces. This configuration appears to work but results in debugging problems (can't isolate Connection Traces to a single IP) and some web application problems.
Has anyone else using F5 encountered this? How can the F5 be configured to send the true source IP and not inject the XFF field?
The F5 would need to perform IP spoofing when sending requests to the MWG. This way the MWG will see the original client IP instead of the F5 IP.
Otherwise it will need to send the XFF if it's setup in a proxy mode as you have it now.