Forum Discussion

Thomas_Gobet's avatar
Thomas_Gobet
Icon for Nimbostratus rankNimbostratus
Jan 17, 2014

Management through APM with Network Access

Hello team,

 

I'd like to how we can access our BIG-IP inside a network access session. I made a tcpdump and my BIG-IP can see traffic but it never answer it, even if it's destinated to a self IP.

 

I've already done something similar but I can't remember how I did (it was with an iRule but that's only what I can remember). I know it's not something good about security, but it's a firepass migration and on firepass we were able to do this.

 

Thanks guys.

 

access management
application delivery
BIG-IP Access Policy Manager (APM)
devops
iRules
network access
security
TMOS
  • Lee_Payne_53457's avatar
    Lee_Payne_53457
    Icon for Cirrostratus rankCirrostratus
    Jan 17, 2014

    I would also look at changing the port lockdown settings to be doubly sure that no-one can get in.

     

    http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13250.html

     

  • Thomas_Gobet's avatar
    Thomas_Gobet
    Icon for Nimbostratus rankNimbostratus
    Jan 17, 2014

    Hi,

     

    You're right if I try to access the management interface I haven't got any problem. I avoided to specify it was on a self IP he tried to access his BIG-IP.

     

    I will tell him it's unsecure to access the management through a production IP.

     

  • Lee_Payne_53457's avatar
    Lee_Payne_53457
    Icon for Cirrostratus rankCirrostratus
    Jan 17, 2014

    We access our APM while connected through a network connection without any issue, to me it sounds like a routing issue or a firewall issue, the management interface will have a different IP address to the traffic interface (and I would hope the IP range you are assigning to clients) so as long as you can prove there is a valid path (on 443) to the management interface there shouldn't be an issue.