I'm currently facing a situation where a network device can only be managed using telnet for access, but our corporate policy restricts the use of telnet. I'm exploring a solution where users can connect to an SSH proxy, and this proxy would then relay the traffic to the telnet port on the device. Telnet access to the server can be locked to LTM backend IP. I'm wondering if it's feasible to achieve this using an F5 BIG-IP Local Traffic Manager ? If it is indeed possible, I'd appreciate insights into the necessary steps and components needed to set this up effectively. Thank you for your assistance.
@dabance I would not use your LTM as a SSH proxy, especially because the F5 will receive the traffic as SSH traffic and will not be able to switch to the telnet protocol instead. You're better off configuring a jumphost for everyone to use, installing telnet on that jumphost, and finally restricting management access to that jumphost IP. Having the SSH jumphost also allows you to traffic what each user does.
@dabance I would not use your LTM as a SSH proxy, especially because the F5 will receive the traffic as SSH traffic and will not be able to switch to the telnet protocol instead. You're better off configuring a jumphost for everyone to use, installing telnet on that jumphost, and finally restricting management access to that jumphost IP. Having the SSH jumphost also allows you to traffic what each user does.
