Forum Discussion

Thomas_Gobet
Nimbostratus
Jan 17, 2014

Management through APM with Network Access

Hello team,

 

I'd like to know how we can access our BIG-IP inside a network access session. I made a tcpdump and my BIG-IP can see the traffic but it never answers it, even if it's destined for a self IP.

 

I've already done something similar but I can't remember how I did it (it was with an iRule, but that's all I can remember). I know it's not a good thing for security, but it's a FirePass migration and on FirePass we were able to do this.

 

Thanks guys.

 

  • We access our APM while connected through a network connection without any issue. To me it sounds like a routing issue or a firewall issue: the management interface will have a different IP address to the traffic interface (and, I would hope, the IP range you are assigning to clients), so as long as you can prove there is a valid path (on 443) to the management interface there shouldn't be an issue.

     

  • Hi,

     

    You're right, if I try to access the management interface I haven't got any problem. I omitted to specify that it was on a self IP that he tried to access his BIG-IP.

     

    I will tell him it's insecure to access the management through a production IP.

     

  • I would also look at changing the port lockdown settings to be doubly sure that no-one can get in.

     

    http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13250.html