IPs leaking out from the F5 in Disabled mode.

Question

Hi,&nbsp;
We have a new F5 5050 model using LTM and connected to the Production Network. We are configuring the new Virtual Servers on it on disable mode to migrate the old F5 to this new: There is an field when you are configuring a new VS that is 'State', which by default is Enabled but we change it to Disabled, and then finish the configuration of the VS.&nbsp;
Even so, we have noticed that the VS IP Address advertises on the Network, so the Firewall ARP table shows it [but the VS has never been Enabled (green)].&nbsp;
What is then the point on configuring a VS on Disabled mode then? or Does that mean a different thing? we want to avoid the IPs leaking out from the F5 before the migration.&nbsp;
All suggestion appreciated.&nbsp;
Thanks.&nbsp;

vijay_e · Answer

VS in disabled state won't accept any new connections. However, the IP is still owned by that VS. When doing hardware migration, I would recommend keeping all the interfaces except management interface shutdown. You can copy the configuration over via mgmt. interface. During maintenance, shut the interfaces for the old F5 and enable interfaces for the new F5.

jana · Answer

You can refer to https://support.f5.com/csp/article/K5773&nbsp;

a_basharat · Answer

Hi,&nbsp;
Apart from disabling the interfaces involved, there is another way of doing it safely without disabling interfaces, so It is like:&nbsp;
When creating the Virtual Server or SNAT/NAT IPs on disable status -&gt; associate them to a VLAN [dummy VLAN that doesn't propagate to the Network]: Configuration[Advanced]&gt;&gt;VLAN and Tunnel Traffic&gt;&gt;Enabled on&gt;&gt;Select VLAN. And afterward, disable ARP advertising and ICMP echo responses as per the link mentioned above by Jana Bollineni.
Hope that does help, it did to us. &nbsp;

kai_wilke · Answer

Hi a.basharat,&nbsp;
why not putting the entire device into the "Force Offline" mode during the initial configuration / migration? &nbsp;
https://support.f5.com/csp/article/K15122&nbsp;
Cheers, Kai&nbsp;

Forum Discussion

IPs leaking out from the F5 in Disabled mode.

4 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Leaked Credential Check with Advanced WAF

F5 TCP Proxy mode

US Intelligence Leaks, SwaaS, and OpenAI bug bounty - April 8th - 14th - This Week in Security

Explanation of F5 DDoS threshold modes

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)