Management IP's

Question

Hello ALL,&nbsp;
&nbsp;I do have a silly question and i am new to F5 Prodcuts.&nbsp;
&nbsp;I do have 3-DNS sitting facing the internet and all i need is how is it configured so that guys from outside cann't access and i see guys sitting inside are accessing.&nbsp;
&nbsp;My setup is 3-DNS interface is connected to external switch which is connected to INTERNET, so this box is  visible to external world.&nbsp;
&nbsp;I also checked the config on /etc/hosts.allow, don't find any host IP's.&nbsp;&nbsp;
&nbsp;Thanks in advance for your assistance.&nbsp;&nbsp;

the_bhattman · Answer

Any change you have a firewall between the your 3DNS and the Internet?&nbsp;
&nbsp;/CB&nbsp;

hoolio · Answer

As bmbhatt suggests, it's ideal to have a firewall between the BIG-IP (or 3DNS) and any insecure network).  It's also recommended to use the mgmt port (interface 3.1) to administer the units.  Ideally, you'd have the management port on a discrete internal subnet not reachable from any public network.  &nbsp;
&nbsp;You can configure which ports are open/need to be open on the self IP addresses using the port lockdown configuration.  For more info on port lockdown, check SOL7317 (Click here).&nbsp;
&nbsp;Aaron

Forum Discussion

Management IP's

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

BIG-IP Next Central Manager API with Postman

Using iControl REST API to manage F5 BIG-IP Advanced Firewall Manager (AFM)

Prepare BIG-IP Central Manager for Automation

Manage F5 BIG-IP FAST with Terraform (Intro)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Intro)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS