Forum Discussion

nikzin1985_3413
Nov 18, 2017

BigIP in multiple vlans: Possible security issue

Hello, I have a question about a possible security issue. A BigIP with two interfaces is connected to an internal and an external firewall. In the same internal and external VLANs there are multiple application servers. The default gateway of these app servers is the internal or external firewall. If I change the DG of the app servers (because of a configuration mistake or consciously), so that the new DG is the internal or external IP of the BigIP, what happens with the whole traffic (not only load-balanced traffic)? Is all traffic going through the BigIP and not restricted and controlled by the firewalls? I hope it is clear what I want to describe.

1 Reply

  • If a BigIP is in different DMZ networks, you should configure route domains for every VLAN.

    If you don't configure route domains, all DMZ servers will be routed on the same outgoing DMZ (you can prevent this behavior with a VLAN filter on the forwarding VS, but you have to think about this every time you create a VS).

    Another security issue is that a virtual server in dmz1 can forward to pool members in dmz2...
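The reply's two points, as an added tmsh configuration example; this is not the replier's own configuration or anything from F5's documentation. VLAN names, route-domain IDs and addresses are constructed. The first virtual server shows the weak setting (one forwarding VS in the default route domain, listening on every VLAN), the rest the corrected form.

```tmsh
# Commands are entered in the tmsh shell. All names/addresses are constructed.

# Weak: one forwarding VS in route domain 0, enabled on all VLANs.
# A server in any DMZ that points its default gateway at a BIG-IP self IP
# gets routed out whichever VLAN holds the matching route, bypassing
# that DMZ's firewall.
create ltm virtual fwd_any destination 0.0.0.0:any mask any ip-forward profiles add { fastL4 } vlans-disabled

# Corrected: one route domain per DMZ VLAN. "strict enabled" (the default)
# forbids routing between route domains, so a VS in dmz1 cannot reach
# pool members in dmz2.
create net route-domain dmz1 id 1 vlans add { dmz1 } strict enabled
create net route-domain dmz2 id 2 vlans add { dmz2 } strict enabled

# Self IPs carry the %<id> suffix and belong to their route domain.
create net self 10.1.1.254%1 address 10.1.1.254%1/24 vlan dmz1 allow-service none
create net self 10.2.2.254%2 address 10.2.2.254%2/24 vlan dmz2 allow-service none

# If forwarding is needed at all, one forwarding VS per route domain,
# listening only on its own VLAN: a server that (mis)sets its gateway to
# the BIG-IP stays confined to its DMZ and to the routes of that route domain.
create ltm virtual fwd_dmz1 destination 0.0.0.0%1:any mask any ip-forward profiles add { fastL4 } vlans-enabled vlans add { dmz1 }
create ltm virtual fwd_dmz2 destination 0.0.0.0%2:any mask any ip-forward profiles add { fastL4 } vlans-enabled vlans add { dmz2 }
```

Check the result with `list net route-domain` and `list ltm virtual`, and confirm that no virtual server in route domain 1 references a pool member with a %2 address.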