Forum Discussion

player_72606's avatar
player_72606
Icon for Nimbostratus rankNimbostratus
Jan 31, 2012

bigip hardening

Hi all,     how can i harden f5 bigip which is facing the internet directly for specific ip address   to manage the device?     management port is not in use , management is used via t...
config
design
f5gtm_45183's avatar
f5gtm_45183
Icon for Nimbostratus rankNimbostratus
Jan 31, 2012

 

 

Hi all,

 

 

I came across this question this morning and looked forward to the feedback. I've used the info here to help secure our LTMS and GTMs.

 

 

I'd like to take this further maybe and talk about locking the system down even further - if possible that is. We're currently going through a pci compliance project. For those of you who don't know about pci it's bascially a security best practice process. Anyway does anyone know of any guidelines from F5 or elsewhere that helps get our kit locked down even further?

 

 

I've yet to carry out a port scan on the kit so I'm not sure what is open, nor am I sure about the implementation of the protocols and services available.

 

 

We use F5 kit quite heavily in our infrastructure so hopefully this won't be too painful. Any help, as always, is greatly appreciated.

 

 

Thanks,

 

 

Joe