Forum Discussion

Aantat's avatar
Aantat
Icon for Cirrus rankCirrus
Dec 14, 2022
Solved

Using Public IPs as a self, external and VS IPs

Hello Experts.

I'm going to implement F5 LTM with public self, floating and VS IP addresses. There will be no firewall with NAT in front of the LTM. I also have enough public addresses. Do not ask why, this is the wish of the client.

In general, I do not see any problems in implementation. But still I would like to clarify what I should pay attention to. Get some advice from you. I am concerned about one point, do I need to configure ARP for the VIP address?

I will be grateful for any advice. Thanks!

  • I think ARP is enabled by default.

    If you use Public IP's and no firewalls probably you will need to make sure you restrict things as much as possible.

    Like :

     - make sure the self ip's port lockdonwn. "allow none"

    - enable the vips only on the vlan with the public subnets

    - use packet filters if you know the traffic only comes from specific sites/ip's

    - make sure you use the latest version of F5 os

    Here is an article about hardening your F5:

    https://support.f5.com/csp/article/K53108777

     

1 Reply

  • I think ARP is enabled by default.

    If you use Public IP's and no firewalls probably you will need to make sure you restrict things as much as possible.

    Like :

     - make sure the self ip's port lockdonwn. "allow none"

    - enable the vips only on the vlan with the public subnets

    - use packet filters if you know the traffic only comes from specific sites/ip's

    - make sure you use the latest version of F5 os

    Here is an article about hardening your F5:

    https://support.f5.com/csp/article/K53108777