GTM working over the Internet
Hello,
I have 2 questions about a new design of Global Load Balancing over the Internet with our BigIP devices configured in our corporate DMZs:
1) my understanding is that TCP/22, TCP/443, TCP/UDP/4353 should be opened over the Internet to create a fully-meshed communication matrix among all LTMs/GTMs around the world. But is it feasible that these 3 ports are opened on any FW in the Internet?
2) If we open these 3 ports on our LTM/GTM devices, is there an official hardening document on how to protect against exploits from the Internet on these ports?
PS: If - for whatever vulnerability - one of our BigIPs is hacked to obtain root access, then among all the worst things, the BigIPs have no clearly separate Management interface and an attacker could hack other devices in the inside network. Is this a major design security flaw, not to have a separate Management interface on F5 boxes?