Forum Discussion

Greg_130338's avatar
Greg_130338
Icon for Nimbostratus rankNimbostratus
Apr 30, 2014

Forwarding IP Question

I am going through some rules in our BigIP and I found one that is particularly disturbing (I think). We have an IP forwarding virtual server with both source and destination set to 0.0.0.0. This is ...
design
nitass_89166's avatar
nitass_89166
Icon for Noctilucent rankNoctilucent

Now my question is, if I change this, does this impact both ingress and egress traffic? If I change this to allow none, will that deny traffic inbound to this address but still maintain the ability to NAT from for these servers that route through the BigIP? Will it impact any of the other virtual servers that are connecting through this external interface?

 

port lockdown setting affects traffic destined to selfip (i.e. it does not affect virtual server and snat list traffic).

 

Greg_130338's avatar
Greg_130338
Icon for Nimbostratus rankNimbostratus
May 01, 2014
Gotcha. So best practice for an external interface self-IP that is not inline with a firewall would be to create a custom list I would imagine? The Allow Default still allows https and ssh, allowing management of the BigIP from outside our network. Specific ports I should be looking to allow here?