When you need to ensure that server responses always return through the BIG-IP® system, or when you want to hide the source addresses of server-initiated requests
from external devices, you can implement a SNAT.
secure network address translation (SNAT)
is a BIG-IP Local Traffic Manager feature that translates the source IP address within a connection to a
BIG-IP system IP address that you define. The destination node then uses that new source address
as its destination address when responding to the request.
For inbound connections, that is, connections initiated by a client node, SNATs ensure that server nodes always send responses back through the BIG-IP system, when the server’s default route would not normally do so. Because a SNAT causes the server to send the response back through the BIG-IP system, the client sees that the response came from the address to which the client sent the request, and consequently accepts the response.
For outbound connections, that is, connections initiated by a server node, SNATs ensure that the internal IP address of the server node remains hidden to an external host when the server initiates a connection to that host.
F5 recommends that before implementing a SNAT, you understand NATs.