Help

JSS behind F5 Big-IP - IP Valve issue

Go to solution
benleroy
New Contributor II

Posted on ‎04-16-2014 11:11 AM

I have been trying to get our JSS cluster to report correctly for the IP of the client based on: https://jamfnation.jamfsoftware.com/article.html?id=305, I am still getting clients reporting in as the external interface of our F5 BIG-IP. Anyone have any sage wisdom with this? I have tried everything I can think of on both the F5 and the JSS but I am not getting anywhere.

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
jhbush
Valued Contributor II

Posted on ‎04-16-2014 03:46 PM

@benleroy I had to make this change on our Netscaler. Check your F5 and see if the same entry exists.
external image link

View solution in original post

0 Kudos
Reply
5 REPLIES 5

Go to solution
CGundersen
Contributor III

Posted on ‎04-16-2014 02:03 PM

Qualifier ... I don't manage our load balancers nor do I have a view to them. We use A10 and had that issue. After our network architect spoke with A10, I was asked to adjust the gateway on our clustered JSS instances. Working as expected now. Sorry, but that's the best I've got.

0 Kudos
Reply

Go to solution
jhbush
Valued Contributor II

Posted on ‎04-16-2014 03:46 PM

@benleroy I had to make this change on our Netscaler. Check your F5 and see if the same entry exists.
external image link

0 Kudos
Reply

Go to solution
benleroy
New Contributor II

Posted on ‎04-16-2014 04:10 PM

Thanks all, Jason was correct. The default template on the F5 did not apply an x-forwarded-for header to the html header.

0 Kudos
Reply

Go to solution
andyinindy
Contributor II

Posted on ‎09-03-2014 12:51 PM

@CGundersen:

We are struggling to configure our A10 load balancer to properly forward our client IP addresses. Do you recall (or could you ask your network guy) what was needed in order to make this work properly?

We initially tried to use x-forwarded-ip, then switched it out for x-forwarded for, but neither has worked.

Any advice would be greatly appreciated!

Thank you,

--Andy

0 Kudos
Reply

Go to solution
CGundersen
Contributor III

Posted on ‎09-04-2014 01:21 PM

@andyinindy

Sorry for the delayed response. Not sure if this will be helpful, but I had a brief conversation with our network person. He was told by A10 to verify that the A10 was on the same network as the Casper JSS servers (vm's). The servers needed to use A10 as the default gateway. He indicated that we are not utilizing any configuration for X-Forwarded-IP or X-Forwarded-For on the load balancer itself. The load balancer does not change the source IP in the packet so Casper is able to see the client's IP vs that of the load balancer.

0 Kudos
Reply