13-Dec-2022 22:10
Hello Experts.
I'm going to implement F5 LTM with public self, floating and VS IP addresses. There will be no firewall with NAT in front of the LTM. I also have enough public addresses. Do not ask why, this is the wish of the client.
In general, I do not see any problems in implementation. But still I would like to clarify what I should pay attention to. Get some advice from you. I am concerned about one point, do I need to configure ARP for the VIP address?
I will be grateful for any advice. Thanks!
13-Dec-2022 23:35 - edited 13-Dec-2022 23:40
I think ARP is enabled by default.
If you use public IPs and no firewalls, you will probably need to make sure you restrict things as much as possible.
Like:
- make sure the self IPs' port lockdown is "allow none"
- enable the VIPs only on the VLAN with the public subnets
- use packet filters if you know the traffic only comes from specific sites/IPs
- make sure you use the latest version of F5 OS
Here is an article about hardening your F5:
https://support.f5.com/csp/article/K53108777
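
An added example, not part of the reply above and not F5 tooling: a Python check for the first two items in that list (self IP port lockdown, virtual servers limited to the public VLAN), run over a constructed bigip.conf-style fragment. The stanza layout, the object names, the `public_vlan` parameter and the way "allow none" is stored are assumptions; compare them with your own configuration before relying on the result.

```python
import re

# Constructed sample in bigip.conf style; names and addresses are made up.
SAMPLE_CONF = """\
net self /Common/ext-self {
    address 203.0.113.10/24
    allow-service {
        default
    }
    vlan /Common/external
}
net self /Common/ext-float {
    address 203.0.113.12/24
    vlan /Common/external
}
ltm virtual /Common/vs_web {
    destination /Common/203.0.113.20:443
    vlans {
        /Common/external
    }
    vlans-enabled
}
ltm virtual /Common/vs_api {
    destination /Common/203.0.113.21:443
}
"""

def stanzas(conf, kind):
    """Yield (name, body) for each top-level '<kind> <name> { ... }' stanza."""
    pattern = rf"^{re.escape(kind)} (\S+) \{{\n(.*?)^\}}"
    for m in re.finditer(pattern, conf, re.M | re.S):
        yield m.group(1), m.group(2)

def audit(conf, public_vlan="/Common/external"):
    """Return (check, object) pairs for objects that miss the advice above."""
    findings = []
    for name, body in stanzas(conf, "net self"):
        # Assumption: "allow none" is stored as no allow-service line at all,
        # or as an explicit "allow-service none".
        m = re.search(r"^[ \t]+allow-service[ \t]+(\S+)", body, re.M)
        if m and m.group(1) != "none":
            findings.append(("self-ip-port-lockdown", name))
    for name, body in stanzas(conf, "ltm virtual"):
        enabled = re.search(r"^[ \t]+vlans-enabled[ \t]*$", body, re.M)
        block = re.search(r"^[ \t]+vlans \{\n(.*?)^[ \t]+\}", body, re.M | re.S)
        vlans = set(block.group(1).split()) if block else set()
        if not enabled or vlans != {public_vlan}:
            findings.append(("virtual-not-limited-to-public-vlan", name))
    return findings
```

Calling `audit(SAMPLE_CONF)` flags the self IP that still allows the default services and the virtual server with no VLAN restriction.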