Using the WAF instead of a jump server for ssh-tunneling?

Question

Hello everyone,This is how it works at the moment:We go from server A, in the internal network, with a public IP via ssh to a jump server in the DMZ.From the jump server we then go on to server B in the secure zone.I am relatively new to this and have been given the task of seeing if the WAF can replace the jump server.We use Advanced Web Application Firewall, r2600 with BIG-IP 17.1.1.3Is this possible and what do we need for it?Thank you in advance for your help !Best regards.&nbsp;

jeffrey_granier · Answer

WAF is going to be used for HTTP traffic.&nbsp; If you're simply looking for a connectivity option without security, then you can configure a SSH Virtual Server and you pool member would be the server in the DMZ.&nbsp; If you're looking for SSH security, then you might consider adding on AFM which can do SSH protocol inspection amongst other options.&nbsp; Secure SSH traffic with the SSH Proxy (f5.com)
&nbsp;
If no security is needed, you can restrict source IP;s on the LTM VS your configuring to access the DMZ jump server.&nbsp;&nbsp;

Forum Discussion

Using the WAF instead of a jump server for ssh-tunneling?

Recent Discussions

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

F5 Health Monitor Receive String as JSON

Cloudflare True-Client-IP as Persistence

Should config via cli rather than gui?

Get actual client ips in splunk

Related Content

Microsoft Exchange Server

BIGIP OAUTH : Transmit "Application id" to backend server after a successful atuthentication

SSL Heartbleed server side iRule

cs-server-addr & ss-server-addr are same !

Create a virtual server on internal vlan

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS