For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jknock6560's avatar
jknock6560
Icon for Altostratus rankAltostratus
Jun 05, 2025

F5 Internal IPs Nessus Scans

I am confused.  I scan my Virtual BIG-IP F5s via a NESSUS scanner.  It appears the scanners scans the "MGMT" ip for both VEs.  I assume the MGMT IPs are the ones on top left when you open the GUI?  I...
scanners
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Jun 06, 2025

Hello,

you can see self and floatring IPs under Network Self IPs.
But as said if allow none is selcted in port-lockdown F5 will drop the request.

This is the default behaviour and you shouldn't allow anything in self ips unless specifically needed.

jknock6560's avatar
jknock6560
Icon for Altostratus rankAltostratus
Jun 09, 2025

So if allowed in settings then the scan should be allowed and will scan correct? Should the setting be changed after each scan for security reasons? 

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Nacreous rankNacreous
    Jun 09, 2025

    Technically yes 

    But why mgmt interface isn't enough?

    • jknock6560's avatar
      jknock6560
      Icon for Altostratus rankAltostratus
      Jun 09, 2025

      We think when it scans MGMT the results are double Vulnerabilities.  Just to verify also - is the mgmt IP the one on top left when you log into GUI? the internal IP the one which might start with HA_etc...? 

      • Injeyan_Kostas's avatar
        Injeyan_Kostas
        Icon for Nacreous rankNacreous
        Jun 09, 2025

        The naming may or may not means something.

        Mgmt IP can be found under system-platform

        Tmm ips are under network-ip. If traffic group is local means that IP is used only in this device, if not it means this is a shared IP used by active node.

        What you mean double vurlenabilities?