Firewall Wizards mailing list archives
Re: BigIP controller - any issues?
From: Stan Scalsky <sscalsk () mail ameritel net>
Date: Fri, 01 Oct 1999 03:20:43 +0600
On Thu, 30 Sep 1999 11:25:06 +0100, "Cleaver, Richard J" <Richard.Cleaver () capgemini co uk> said:
It's a UNIX box under the covers, BSDI. They seem to have done a good job of locking it down and are ssh-aware. Tho I was surprised to see they had IP forwarding enabled so I could route right through it.
IP forwarding on BigIP has to be specifically enabled. Out of the box it is setup as default DENY. In other words, only those IPs and services setup with VIPs will get traffic. Also ICMPs are not passed, except for Fragment/Dont Fragment. Out of the box it does NOT run gated but it can. Out of the box F5 locks things down but gives you the option of bringing up a number of options that might affect your security position but also remember BigIP is NOT a FW and they dont sell it as one, it is a load balancer. You should still have a FW. -= stan
Current thread:
- Re: BigIP controller - any issues? Stan Scalsky (Oct 01)
- Re: BigIP controller - any issues? Joseph S D Yao (Oct 02)
- Re: BigIP controller - any issues? Adam Shostack (Oct 04)
- <Possible follow-ups>
- RE: BigIP controller - any issues? Victor Granic (Oct 02)
- RE: BigIP controller - any issues? Hardcastle, Kevin (Oct 02)
- Re: BigIP controller - any issues? Unknown (Oct 04)
- RE:BigIP controller - any issues? Craig Woods (Oct 05)
- Re: BigIP controller - any issues? Gregory Blake (Oct 05)
- Re: BigIP controller - any issues? Kevin Steves (Oct 18)
- Re: BigIP controller - any issues? Ejovi Nuwere (Oct 19)
- Re: BigIP controller - any issues? Joseph S D Yao (Oct 02)