Regarding scenario 1, when you select "Transparent" on the underlying pool, the LB will not perform SNAT on the traffic so the packet received by the pool member will still have the original source IP as depicted in this snip from the admin guide:
For scenario 2, as long as the LB actually terminates the TLS session (so as long as "Enable SSL Passthrough" is not selected in the application profile, which prevents the LB from decrypting the payload and getting visibility into the underlying HTTP header) then yes, the "Insert X-Forwarded-For" option will still work.
Thanks for the info. The reference picture is not visible...
So under scenario 1, I actually do not need to enable firewall/NAT on ESG, right? Assuming I do not want to filter traffic on ESG.
Never mind, I still need NAT even with transparent pool, for translation of backend server IP to the VIP...
Sorry about the pic, you can see it in the admin guide at Logical Load Balancer as well where it describes the topologies.
As far as the firewall, it still needs to be enabled on the ESG either way as even in inline mode it still has to perform DNAT on the traffic to send it to the underlying pool members.