Forum Discussion
If there is no firewall, the risk of problems
- Feb 06, 2023
Michaelyang because the F5 is not configured to listen on 445 in the example you have provided you do not have a risk currently for the backend servers or the F5. The keyword here is currently, it is possible that in the future a vulnerability might exist that does leave your F5 or backend servers vulnerable to an attack and why you should only ever allow the ports you need through and not everything. What is the reasoning for allowing all ports through to the F5 virtual server? If the reasoning here is because someone doesn't want to go allow each port when you start to use it that is an extremely flawed and a huge security risk approach to managing a network. It's best to stick to best practices and not to encourage practices that put your network in a vulnerable security posture.
Hi Michaeleasley,
Thanks for your reply.
Take the example I mentioned as an example.
If F5 does not have port 445 of the virtual server, the BIG-IP system will not handle any network traffic on port 445 and should reject them.
What could be the risk to F5 or the backend server?
Any help is appreciate.
Michaelyang because the F5 is not configured to listen on 445 in the example you have provided you do not have a risk currently for the backend servers or the F5. The keyword here is currently, it is possible that in the future a vulnerability might exist that does leave your F5 or backend servers vulnerable to an attack and why you should only ever allow the ports you need through and not everything. What is the reasoning for allowing all ports through to the F5 virtual server? If the reasoning here is because someone doesn't want to go allow each port when you start to use it that is an extremely flawed and a huge security risk approach to managing a network. It's best to stick to best practices and not to encourage practices that put your network in a vulnerable security posture.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com