For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Greg_130338's avatar
Greg_130338
Icon for Nimbostratus rankNimbostratus
Apr 30, 2014

Forwarding IP Question

I am going through some rules in our BigIP and I found one that is particularly disturbing (I think). We have an IP forwarding virtual server with both source and destination set to 0.0.0.0. This is ...
design
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Apr 30, 2014

You've a multitude of options. I don't see S/NAT as a security measure at all I'm afraid.

 

*Leave the VS as is and use a packet filter (or AFM) to restrict inbound access

 

*Leave the VS as is and use an iRule to restrict inbound access

 

*My preference: Leave the VS for the outbound access, disable it on the external VLAN. For inbound management create port specific VSs AND associated packet filters to restrict access.

 

*Better yet, use a secure access method (VPN, PPTP whatever) that doesn't go through the F5 and apply static routes as necessary on the servers.