Forum Discussion

Nimbostratus

Oct 07, 2009

Big-IP Local Traffic Self-ips for internet facing addresses

Is there a particular reason why I would not set the Self-IP on an interface for the Internet to deny all traffic? For any virtual servers, I am using separate IP addresses. Mostly, my concern is ab...

management

monitoring

The_Bhattman

Nimbostratus

Oct 07, 2009

I use the self addresses for management rather then the management interfaces for several reasons. However, I faced the same issue way in the past about how to protect the self-addresses from the internet. We basically used the firewall to protect it. Others have put in a ACL on the LTm on who can directly access the management interfaces.

I am not sure if there is a best practice but I think default ALLOW is something that shouldn't be used if you want security.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Big-IP Local Traffic Self-ips for internet facing addresses

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Problem with sending BotDefense logs to remote server

Audit Logging on LTM and GTM

Change Content-Type from application/octet-stream to multipart/form-data

What dose "Accept" do in BIG-IP ASM event logs

OSPF traps on BIG-IP v14

Related Content

About Self IP, and Virtual IP

Copy over self IPs from several partitions

Protect an application exposed on Internet with F5 XC WAAP

The sooner the better: Web App Scanning Without Internet Exposure

No response after added virtual server IP address as floating self-IP address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS