Forum Discussion
nitass
Jan 24, 2012Employee
may we do reverse lookup on destination ip and drop it if it is not part of rsa.com?
RESOLV::lookup wiki
http://devcentral.f5.com/wiki/iRules.resolv__lookup.ashx
if it is, perform snat. so, source ip will be bigip. on firewall, only allow traffic from bigip ip.
is this a little bit better?
just my 2 cents.