Forum Discussion
Arun_Bhardwaj_1
Cirrus
Cirruscan we open login f5 through http and block https? so will not get SSL error.
can we open login f5 through http and block https? so will not get SSL error.
We are having link load balancer. And during security audit in our company we are shown SSL vulnerablity on public I...
Greg_Robinson_1Cirrus
CirrusI would think the security team would have more issue with you sending configuration information via plain-text HTTP than via HTTPS, even if the certificate is self-signed. Do you need to reach this F5 via the public IPs? For my publicly facing interfaces, I put the "allow-service none" parameter on the self-IPs so that the F5 doesn't allow any in-band management traffic on those interfaces. I'd consider that a best practice for any interfaces that you don't need to use for F5 management (keep in mind that config-sync/failover interfaces require the "allow-service default" so service traffic can pass between units.)
- Chase_Abbott
Admin
Agree, I don't consider HTTP a valid option at all. Self-signed is your minimum, but any audit will flag those certs as potential issues. As for MGMT, that would "never" be part of your internal or external traffic paths.
