Confusion over SNAT Objects in the F5 LTM GUI (XUI)

Reading the Documentation on SNAT and comparing it to what you see in the GUI is not easy.

Firstly it’s important to know the purpose of SNAT with regard to direction.

Inbound Connections (typically from the Internet to the F5) use the referenced SNAT address as the new source IP on egress from the F5, so that is the address Your Server (or servers) sees. The Source IP address may be affected by the NAT configuration as well, or be set to use Automap (use of a Self IP).

Outbound Connections (typically to the Internet) use the referenced SNAT address as the new source IP on egress from the F5, so that is the address an Internet Server sees. The Source IP address may be affected by the NAT configuration as well.

The key to both of the above is we are talking about egress from the F5 and a change to the source IP only.

Outbound Connections to an Internet Server already have a destination, and this remains unchanged: there is no configuration in the F5 LTM for it, the packets just pass through. However, the Source IP may change to a different Source IP because of the SNAT or NAT entry.

So the key, however you describe it, is that SNAT affects the Source IP only.

Now, where do you go to create the SNAT?

The GUI has 3 tabs that reference the word SNAT:

  • SNAT List
  • SNAT Pool
  • SNAT Translation List



The SNAT Pool is the easiest to create and understand. It’s typically a list of load-balanced IP Addresses that, once created, is referenced by some Virtual Server object for Inbound purposes.

If you create a SNAT Pool object – it appears listed below on the SNAT Pool Page – but the IP addresses also appear on the SNAT Translation List page (confusing but useful!). The SNAT Translation page can adjust timers and connection limits for the SNAT Pool entries.

A SNAT Pool Object doesn’t reference anything other than the IP Addresses.

A SNAT Pool can’t do anything on its own (unlike a SNAT List) – it needs referencing by either a Virtual Server or a SNAT List.



A SNAT List Object has some configuration that isn’t seen anywhere on the SNAT Pool or SNAT Translation Address Page:

  • Origin
  • VLAN
  • IP Addresses

A SNAT List Object can reference an IP address, a SNAT Pool or Automap – effectively it restricts the usage of those objects to the specific servers referenced (Origin), VLANs & IP addresses of Client connections. However, the BIGGEST DIFFERENCE is that a SNAT List doesn’t need to be referenced by a Virtual Server to perform a translation. It’s kind of like a default SNAT (see here: DevCentral).

SNAT Translation List


First – you don’t need to create or edit a Translation Address List Object unless you want to:

  • Name the entries that appear on the Translation Address List Page
  • Adjust any of the following for a particular SNAT Pool Address or SNAT List Address:
    • ARP
    • Connection Limit
    • TCP Idle Timeout
    • UDP Idle Timeout
    • IP Idle Timeout

Secondly – if you create a SNAT List IP address object or a SNAT Pool object, they both appear on the SNAT Translation List page (confusing but useful!). If you create a SNAT List Automap object, it doesn’t appear on the SNAT Translation List page.

Disabling a SNAT translation object doesn’t appear to have any impact on an associated overlapping SNAT List entry.

Also creating a SNAT Translation List object has no impact unless there is a corresponding SNAT list object or SNAT Pool entry with the same IP Address.
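How the three object types relate, written as tmsh commands rather than GUI steps. This is an added example, not taken from the original post or from F5 documentation; the object names, the VLAN name "internal" and the addresses (documentation ranges) are constructed, and the virtual server line assumes a TMOS version that configures SNAT on a virtual server through source-address-translation.

```tmsh
# Constructed example: every name and address below is a placeholder.

# 1. SNAT Pool: nothing more than a list of translation addresses.
#    On its own it translates no traffic.
create ltm snatpool snatpool_web members add { 192.0.2.10 192.0.2.11 }

# 2a. Reference the pool from a Virtual Server (inbound case): the servers
#     behind vs_web see 192.0.2.10 or 192.0.2.11 as the source IP.
create ltm virtual vs_web destination 203.0.113.5:443 ip-protocol tcp source-address-translation { type snat pool snatpool_web }

# 2b. Or reference it from a SNAT List entry. No Virtual Server is needed:
#     traffic from the Origin addresses arriving on the listed VLAN is
#     translated on egress. Keep Origin and VLAN as narrow as possible so
#     only the intended hosts can leave with these source addresses.
create ltm snat snat_outbound origins add { 10.10.0.0/16 } snatpool snatpool_web vlans add { internal } vlans-enabled

# 3. The pool members now also show up as SNAT Translation objects,
#    although none were created explicitly.
list ltm snat-translation

# 4. Optional per-address tuning, the only reason to edit a translation object.
modify ltm snat-translation 192.0.2.10 connection-limit 5000 tcp-idle-timeout 300 udp-idle-timeout 60 ip-idle-timeout 60
```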

Are 95 % of Terrorism Victims Muslim?

Are most victims of terrorism Muslim?

in a 2011 report by the US government’s National Counter-Terrorism Center (NCTC), which said: “In cases where the religious affiliation of terrorism casualties could be determined, Muslims suffered between 82 and 97% of terrorism-related fatalities over the past five years.”


The Global Terrorism Database (GTD) at the University of Maryland, does still compile terrorism statistics – but it doesn’t attempt to determine the religion of people killed or injured. To do so would be “very difficult” says the GTD’s Erin Miller………So while she doubts that 95% of terrorism victims are Muslim, she thinks the truth might not be far off.

“It’s not out of the realm of possibility, given the extreme concentration of attacks in majority-Muslim countries,” Miller says.



Create IIS with .ASP Web Pages that show Client IP Address

  1. Enable Microsoft Windows Server with ASP: see instructions here:
  2. Create your .html file as required
  3. Add the code below to the .html file
  4. Rename the file to .asp
  5. Make sure your IIS website has your file listed as a default page : see here:
  6. Browse to your site


Code for showing IP address

<div> Client Source IP address is:
<% Response.Write(Request.ServerVariables("REMOTE_ADDR")) %>
</div>


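Code for showing all variables:

<table border="1" width="500" style="border-collapse: collapse">
<% For Each item In Request.ServerVariables
    ' HTML-encode the value: HTTP_* entries are client-supplied headers
    Response.Write("<tr><td>" & item & "</td><td>")
    Response.Write(Server.HTMLEncode(Request.ServerVariables(item)))
    Response.Write("</td></tr>" & vbCrLf)
Next %>
</table>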

Above code from this website: