For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

taro_107756's avatar
taro_107756
Icon for Nimbostratus rankNimbostratus
Nov 02, 2007

OneConnect: Security Consideration

The following description is in SOL6997.     "The BIG-IP LTM applies the source mask to the request, finds an eligible TCP connection, and aggregates the request from client B over the existing...
config
design
zafer's avatar
zafer
Icon for Nimbostratus rankNimbostratus
Jun 03, 2008
Hi Deb,

 

 

if i configure oneconnect profile with network mask /24. What will i see source ip address in sniffed packets on server side (between bigip and servers).

 

 

why ask this question;

 

 

the server has access list ; some client accessible application the others not

 

if i configure the oneconnect profile with mask /24 some times i see forbidden.

 

 

when i look the tcpdump on client side source address exist on server accesslist but when i look the server side tcpdump i see different source address.

 

 

what i understand f5 uses first time opened connection on server side (when oneconnect enabled) and if the ip address can be different client address on client side?

 

 

regards

 

 

zafer