Forum Discussion

Nimbostratus

Mar 25, 2015

Lync iApp 4.0 RC1

Has anyone else worked with the (unsupported) 4.0 template? The version I'm trying does support template questions related to AFM configuration, but the result I'm seeing in the resulting configurati...

advanced firewall manager

Historic F5 Account

Mar 26, 2015

Unfortunately, AFAIK in iApps we have no way of telling which firewall mode BIG-IP is running. If we could, the iApp could check for the action on the default rule and not create the dropPackets rule.

Even that would be a problem because that would only check at iApp runtime. If someone went in and changed from firewall to ADC mode outside of the iApp, then we have left you with an insecure config.

That said, you could either edit the iApp, removing this text from the firewall_arr array:

                dropPackets \{ \
                    action drop \
                    log yes \
                    ip-protocol tcp \
                    status enabled \
                    source \{ addresses replace-all-with \{ any/any \}\} \
                  \}

You could also just create your own firewall policy outside of the iapp and assign it when you answer the "Do you want to use BIG-IP AFM to protect Lync edge and external web services?" question. Or you could leave it as-is, since there shouldn't be any problem with passing traffic through this config that I can think of.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)