Forum Discussion

Nimbostratus

Jul 21, 2008

Hardening

Are there any documents available on system hardening for the bigip? Does anyone have any experience in this area? Thanks in advance. -m

management

monitoring

L4L7_53191

Nimbostratus

Feb 18, 2010

Here are my two cents: I think of BigIP as having two very discrete systems: the control plane and the management plane. When most people talk about hardening, they're talking about hardening the mangement plane (that is, access via the management interface, CLI, etc.).

Changing system settings at this level is generally a Bad Idea, as it'll potentially break stuff. The best bet is to keep the management network segmented, trusted and secured, and optionally to allow only certain systems CLI or GUI access. As far as the control plane goes - your virtual servers - they're very secure, at least from the BigIP perspective.

10.1 has incorporated SE Linux, so I expect this will be come less and less of an issue on subsequent releases.

-Matt

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Hardening

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 SLEDFest 2022 Sacramento Edition - Securing and Hardening your BIG-IP presentation

Security Hardening F5's BIG-IP with SELinux

Hardening F5

Security Hardening F5’s BIG-IP 12.0 with SELinux

F5 Synthesis: Hardening Security through Programmability in the Network

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS