I'm not an F5-guy, so take this for what it's worth... my Network guys are telling me that our internet-facing F5 is configured with a "SNAT pool" consisting of three IP addresses. Traffic from the F5 to the WebTier server can come in from any of these three IP addresses. However, RSA only allows me to configure TWO IP addresses.
This results in some very inconsistent behavior in the WebTier self-service console, and tons of log errors in the WebTier like:
Caused by: com.rsa.common.SystemException: Access denied. The authentication request was routed through a load balancer/Proxy server that is not recognized by the system.
[[ We're also having high-CPU spikes on the WebTier server (which may be unrelated to the load balancer config) which cause our primary AuthMgr to lock up on occasion. ]]
Is anyone else having similar issues? Know of any work-arounds that DON'T require re-doing load balancer configurations across the enterprise?