To further this - we're also finding that having x-forwarded-for enabled on the our F5 also prevents DEM smart policies from being able to detect the gateway location (ie internal / external).
This is preventing policy based cut / paste operations from working, ie we want 'internal' users to have inbound+outbound cut and paste, and disabled for external.
Anyone else seeing this?
