>On Thu, 30 Sep 1999 11:25:06 +0100, "Cleaver, Richard J" ><Richard.Cleaverat_private> said: >It's a UNIX box under the covers, BSDI. They seem to have done a good >job of locking it down and are ssh-aware. Tho I was surprised to see >they had IP forwarding enabled so I could route right through it. IP forwarding on BigIP has to be specifically enabled. Out of the box it is setup as default DENY. In other words, only those IPs and services setup with VIPs will get traffic. Also ICMPs are not passed, except for Fragment/Dont Fragment. Out of the box it does NOT run gated but it can. Out of the box F5 locks things down but gives you the option of bringing up a number of options that might affect your security position but also remember BigIP is NOT a FW and they dont sell it as one, it is a load balancer. You should still have a FW. -= stan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:06 PDT