Forum Discussion

646576's avatar
646576
Icon for Nimbostratus rankNimbostratus
Feb 05, 2025
Solved

Disable/Block access to Network Map

I have an F5 appliance with a "big" configuration (according to F5 support engineers) and we frequently encounter the unable to contact Big-IP device message when multiple users open the Network Map ...
management gui
  • 646576's avatar
    646576
    Feb 25, 2025

    For anyone else who finds this, in regards to Jmtaylor 's AI generated suggestions.

    1. Not an option. I cannot think of how (or why) you would apply iRules to the configuration utility.
    2. Not an option. The network map uses the same port configuration utility.
    3. Not an option. Wish it was though.
    4. Does not achieve my goal.
    5. Did this... Their suggestion (below) does achieve my goal.
    tmsh edit / sys httpd all-properties

    Replace include none with the block below.

    include "
     <LocationMatch \"/tmui/tmui/dashboard/\">
          Redirect 403 /
     </LocationMatch>
     <LocationMatch /tmui/tmui/locallb/network_map/>
          Redirect 403 /
     </LocationMatch>
"

    Save the config file by exiting vi. (ESC :wq!) and when prompted, save the config file as the tmsh prompt.

    Save the config and bounce the httpd service with the code below.

    tmsh save sys config
tmsh restart sys service httpd

     

Jmtaylor's avatar
Jmtaylor
Icon for Moderator rankModerator
Feb 20, 2025

646576 
 Hello, I was able to find some options for you using some AI searches,   

. Here are a few potential solutions:

  1. Custom iRules: You can create an iRule to restrict access to the Network Map based on user roles or IP addresses. This requires some custom scripting and a good understanding of iRules and the underlying network architecture
  2. Firewall Rules: If the Network Map is accessed via a specific URL or port, you can create firewall rules to block access to that URL or port while allowing access to the rest of the management interface
  3. Role-Based Access Control (RBAC): Review your user roles and permissions. 
  4. Configuration Utility Timeout Settings: Adjusting the timeout settings for idle sessions might help alleviate some of the resource strain caused by users leaving the Network Map open for extended periods. This won't disable the Network Map but might reduce the frequency of the issue
  5. Contact F5 Support: Since you've already been in touch with F5 support engineers, it might be worth asking them directly if there are any undocumented methods or advanced configurations to achieve this.