Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Using Public IPs as a self, external and VS IPs

Go to solution
Aantat
Cirrus
Cirrus

‎13-Dec-2022 22:10

Hello Experts.

I'm going to implement F5 LTM with public self, floating and VS IP addresses. There will be no firewall with NAT in front of the LTM. I also have enough public addresses. Do not ask why, this is the wish of the client.

In general, I do not see any problems in implementation. But still I would like to clarify what I should pay attention to. Get some advice from you. I am concerned about one point, do I need to configure ARP for the VIP address?

I will be grateful for any advice. Thanks!

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mihaic
MVP
MVP

‎13-Dec-2022 23:35 - edited ‎13-Dec-2022 23:40

I think ARP is enabled by default.

If you use Public IP's and no firewalls probably you will need to make sure you restrict things as much as possible.

Like :

 - make sure the self ip's port lockdonwn. "allow none"

- enable the vips only on the vlan with the public subnets

- use packet filters if you know the traffic only comes from specific sites/ip's

- make sure you use the latest version of F5 os

Here is an article about hardening your F5:

https://support.f5.com/csp/article/K53108777

 

View solution in original post

1 REPLY 1

Go to solution
mihaic
MVP
MVP

‎13-Dec-2022 23:35 - edited ‎13-Dec-2022 23:40

I think ARP is enabled by default.

If you use Public IP's and no firewalls probably you will need to make sure you restrict things as much as possible.

Like :

 - make sure the self ip's port lockdonwn. "allow none"

- enable the vips only on the vlan with the public subnets

- use packet filters if you know the traffic only comes from specific sites/ip's

- make sure you use the latest version of F5 os

Here is an article about hardening your F5:

https://support.f5.com/csp/article/K53108777

 

Copyright © 2023 Khoros, LLC