Forum Discussion

Nimbostratus

Apr 30, 2014

Forwarding IP Question

I am going through some rules in our BigIP and I found one that is particularly disturbing (I think). We have an IP forwarding virtual server with both source and destination set to 0.0.0.0. This is ...

design

What_Lies_Bene1

Cirrostratus

Apr 30, 2014

You've a multitude of options. I don't see S/NAT as a security measure at all I'm afraid.

*Leave the VS as is and use a packet filter (or AFM) to restrict inbound access

*Leave the VS as is and use an iRule to restrict inbound access

*My preference: Leave the VS for the outbound access, disable it on the external VLAN. For inbound management create port specific VSs AND associated packet filters to restrict access.

*Better yet, use a secure access method (VPN, PPTP whatever) that doesn't go through the F5 and apply static routes as necessary on the servers.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Forwarding IP Question

Recent Discussions

3rd party SFP

Custom Attack Signature for Accept Header

Upgrade to 'BIGIP-15.1.0.5-0.0.8 (Could not access configuration source; sda, 1)

how does gtm/dns monitor wild-ip pool members?

why the device certificate verify failed when the device certificate is not expired?

Related Content

IP Forwarding question

Need help - Configure forwarding proxy chain

Can an i-rule redirect all traffic hitting a Forwarding IP vserver to a standard Vserver

SNAT question

Monitor Testing question

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS