For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

phowes's avatar
phowes
Icon for Nimbostratus rankNimbostratus
Feb 12, 2020
Solved

Routing application traffic through management interface

Hello all, I have a PoC setup in our lab with a management, internal and DMZ network and have a problem with routing. The F5 always sends the connection to the ADFS backend out from its DMZ interfac...
application delivery
iApps
LTM
routing
tmm
  • cjunior's avatar
    cjunior
    Feb 12, 2020

    Hi dude,

    The out-of-band mgmt interface has a real benefits, especially for security and when you face issues on BIG-IP data plane controller.

    But sometimes, infrastructure limits and force us to adapt on it.

    In some cases, I used to set an "mgmt" address on traffic interfaces due to a mgmt network absent. So, I left the mgmt port/vlan unplugged from network cable or vlan, 

    I put a dummy/or default ip address to it, and then I created a selfip with default services allowed to manage that from traffic interface.

    In your case, I think is better to route traffic through firewall and keep all things working as default as you can't change de server addresses or mgmt network range.

    It's just a little case opinion.

     

    Kind regards.

phowes's avatar
phowes
Icon for Nimbostratus rankNimbostratus
Feb 12, 2020

hi cjunior,

 

sure, I see the benefits of OOB management and this will definitely be noted for the project itself. I had a think and an extra firewall rule is not the end of the world, I'll keep things as they are.

 

Thanks for your opinion!