VMware Horizon Community
RobOTheGreat
Contributor

F5 & X-Forward configure assist for the VMware View environment 7.0.2

Need some help on the F5 configuration with our VMware View environment in order to get the correct client IP address. We need to do some reporting on the VMware View desktop pool to be HIPAA compliant. In this report, we need to show the client IP address of where the user is coming from. Every time we run the report, the IP always comes back as the F5 floating IP, which is the same all the time for any user.


The F5 documentation said to turn on the X-Forwarded-For header and then refer to the VMware documentation for configuring logging on the View servers. I did open a call with VMware, but they weren’t able to help me with this configuration.


VMware Horizon View 5.2, 5.3, 6.0, 6.2, 7.0: (BIG-IP v11, v12: LTM, APM, AFM)
https://f5.com/solutions/deployment-guides/vmware-horizon-view-52-53-60-62-70-release-candidate-iapp...

Should the BIG-IP system insert the X-Forwarded-For header? (Advanced)
Select whether you want the BIG-IP system to insert the X-Forwarded-For header in the HTTP header for logging purposes.
• Yes, insert the X-Forwarded-For header
  Select this option if you want the system to include the X-Forwarded-For header. You may have to perform additional configuration on your View servers to log the value of this header. For more information on configuring logging on the View servers, refer to the VMware documentation.

Does anyone know how to configure the VMware View servers to accept the X-Forwarded-For so we can get the correct client IP address when running reports for HIPAA compliance?

Thanks,
Robert

0 Kudos
3 Replies
BenFB
Virtuoso

RobOTheGreat Did you find any resolution to this? We are facing the same issue and can't find a solution.

0 Kudos
RobOTheGreat
Contributor

I had a ticket open with VMware, but they couldn’t tell me how to configure X-Forward. The workaround was to set the F5 Source Address Translation to None for this VIP. It was set up for Auto-Map before. With this change you see the correct client IP instead of the F5 IP.

Then we created custom SQL scripts to pull what data we wanted for our reports.

This was a useful tool.
Horizon View Events Database Export Utility
https://labs.vmware.com/flings/horizon-view-events-database-export-utility

I heard VMware Log Insight had some reporting, but haven’t had a chance to try that out yet.

I also read that VMware Workspace ONE works with X-Forward header, but we don’t use VMware Workspace ONE.

0 Kudos
BenFB
Virtuoso

RobOTheGreat

Thanks for replying. We've actually engaged F5 and VMware. We are still waiting on VMware but F5 confirmed that disabling SNAT Auto Map like you did would work. For our environment we need to leave SNAT Auto Map enabled so that's unfortunately not an option. At this point we are waiting on VMware to support the X-Forwarded-For header on the UAG if they don't already.

Just an FYI, instead of the SQL report you could send your connection server logs to a syslog server like Log Insight/Splunk/etc. The IP address of the client will be in the ClientIpAddress or ForwardedClientIpAddress field.

0 Kudos
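
An added example (not code from any poster in this thread, and not VMware's or F5's): one way a report script could choose between the ClientIpAddress and ForwardedClientIpAddress fields mentioned above. The forwarded value is used only when the connection itself came from the load balancer, because a directly connecting client can set X-Forwarded-For to anything. The key="value" line layout, the `User` field, the proxy address and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the load balancer's SNAT/floating address (documentation-range placeholder).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}

# Assumption: events arrive as key="value" pairs; only the two IP field names come from the thread.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines, not real Horizon output.
SAMPLE_LINES = [
    'User="alice" ClientIpAddress="192.0.2.10" ForwardedClientIpAddress="198.51.100.23"',
    'User="bob" ClientIpAddress="192.0.2.10"',
    'User="carol" ClientIpAddress="203.0.113.5" ForwardedClientIpAddress="10.1.1.1"',
    'User="dave" ClientIpAddress="192.0.2.10" ForwardedClientIpAddress="10.9.9.9, 198.51.100.77"',
]

def _parse_ip(text):
    """Return an ip_address object, or None if the text is not a valid address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def resolve_client_ip(line):
    """Return (client_ip_or_None, source) for one event line."""
    fields = dict(FIELD_RE.findall(line))
    peer = _parse_ip(fields.get("ClientIpAddress", ""))
    if peer is None:
        return None, "missing"
    if peer not in TRUSTED_PROXIES:
        # Direct connection: any forwarded value was supplied by the client itself.
        return str(peer), "direct"
    # Walk the forwarded chain right to left; the first non-proxy hop is the client.
    for hop in reversed(fields.get("ForwardedClientIpAddress", "").split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            break  # empty or malformed entry: do not fall back to older, client-set hops
        if ip not in TRUSTED_PROXIES:
            return str(ip), "forwarded"
    return None, "proxy-only"

def report(lines):
    """Return (user, client_ip, source) tuples for a batch of event lines."""
    return [(dict(FIELD_RE.findall(l)).get("User"), *resolve_client_ip(l)) for l in lines]
```

Rows that come back as "proxy-only" are the case described at the top of the thread: only the F5 address was recorded, so the report has no usable client IP for that session.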