F5 Distributed Cloud - Mitigation for Cross Tenant Origin Exposure (CTOE)
F5 Distributed Cloud (XC) offers a suite of powerful features designed to simplify the lives of administrators and engineers. A key aspect of this ease of use comes from shared objects, such as Regio...
Published Oct 29, 2024
Version 1.0Brad_Scherer
Employee
Joined May 16, 2019
Walter_Kacynski
Oct 31, 2024Cirrostratus
In example 3, why is a public IP still advertised in-front of the CE? From my experience, the CE creates an egress tunnel that disallows inbound NAT.
- Brad_SchererOct 31, 2024Employee
It's an indicator that a public IP is still necessary to establish the tunnel with the RE's. The public IP doesn’t necessarily imply open inbound access but is more of a functional component for creating the egress tunnel while still preventing inbound NAT.