Manual Chapter :
Egress Setting
Applies To:
Show VersionsF5 SSL Orchestrator
- 17.1.0
Egress Setting
The Egress settings define how traffic exits the topology. The BIG-IP
receives traffic after a connection travels through the specified service chain and
directs the traffic to the final destination. When configuring the Egress Setting
screen, you can select whether or not you want the system to let all SSL traffic use the
default route, or if you want to specify Internet gateways (routers). If you want to
override the default routing and choose to use specific gateways, you can define the
ratios within the pool of routers to load balance the traffic.
The Egress Setting step is only for L3
topology configurations.
To create egress settings, you must set both SNAT (Secure Network
Address Translation) settings and your selected gateway routes for SSL intercept
traffic. When managing SNAT settings, you define routable alias IP addresses that the
BIG-IP system substitutes for client IP source addresses when making connections to
hosts on the external network. You can use an existing SNAT (and thus define a SNAT
pool), the SNAT Auto Map functionality, or create new SNAT settings or none at all.
Create a BIG-IP SNAT pool to define a pool of distinct host addresses for SNAT to use. A
SNAT pool is a pool of translation addresses that you can map to one or more original IP
addresses. Translation addresses in a SNAT pool should not be self IP addresses.
For gateway addresses, enter multiple gateways if you have multiple
systems and wish to load balance across them. If you do enter multiple addresses, you
can also use the ratio value to control the load balancing. For example, if you have two
devices, and one handles twice as much traffic as the other, you can set the ratio to 1
on the smaller device, and 2 on the larger one. Create a BIG-IP gateway pool if you add
more than one gateway (routers) that specifies the routes of all SSL intercept
traffic.