Forwarding IP Question
I am going through some rules in our BigIP and I found one that is particularly disturbing (I think). We have an IP forwarding virtual server with both source and destination set to 0.0.0.0. This is allowing access to SSH, WebGUI, etc. through our public self IP address. I believe this was done to allow for management traffic to pass to servers that sit behind the IP which use it as their default gateway (ICMP, RDP, etc.) as well as facilitate the connection for those servers to access the Internet. There is no way this is best practice and I need to know the best way to remediate this ASAP. I think the desired configuration would be to configure a SNAT for the subnet that sits behind the BigIP, and then configure another VS that would enable management traffic to pass between internal subnets. I just need some clarification.
Thanks in advance.
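
An added example, not part of the original post: a Python check that scans bigip.conf-style text for the kind of virtual server described above (IP forwarding with source and destination both 0.0.0.0) and reports whether it is limited to specific VLANs. The sample configuration and object names are constructed, and treating a missing source line as 0.0.0.0/0 is an assumption.

```python
import re

# Constructed sample in bigip.conf style (not taken from the poster's device).
SAMPLE_CONF = """\
ltm virtual /Common/fwd_any {
    destination /Common/0.0.0.0:0
    ip-forward
    mask any
    source 0.0.0.0/0
    translate-address disabled
}
ltm virtual /Common/fwd_internal {
    destination /Common/0.0.0.0:0
    ip-forward
    mask any
    source 0.0.0.0/0
    vlans {
        /Common/internal
    }
    vlans-enabled
}
"""

def virtual_stanzas(conf):
    """Yield (name, body) for each top-level 'ltm virtual' stanza, matching braces."""
    for m in re.finditer(r"^ltm virtual (\S+) \{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return (name, scope) for each any-source, any-destination forwarding virtual."""
    findings = []
    for name, body in virtual_stanzas(conf):
        lines = [l.strip() for l in body.splitlines()]
        if "ip-forward" not in lines:
            continue
        dest = next((l.split()[1] for l in lines if l.startswith("destination ")), "")
        # Assumption: a virtual with no explicit source line matches any source.
        src = next((l.split()[1] for l in lines if l.startswith("source ")), "0.0.0.0/0")
        any_dest = dest.rsplit("/", 1)[-1].split(":")[0] == "0.0.0.0"
        if any_dest and src == "0.0.0.0/0":
            scoped = "vlans-enabled" in lines  # listener limited to the listed VLANs
            findings.append((name, "listed VLANs only" if scoped else "all VLANs"))
    return findings
```

A result of "all VLANs" marks a wildcard forwarder that also listens on the external side, which is the case to review first.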