Is it safe to use the source address property to limit access to a VIP ?
Hi
I was wondering if anyone uses ONLY the Source IP address property to limit access to a VIP. I ask this as we tend to line up changes with ourselves and the firewall guys when opening a new VIP to the big bad world. I'm guessing if I set the Source to 172.16.0.0/12 then only "internal" IP addresses could access the VIP. Doing this would allow the firewall guys to do their change ahead of "launch"by allowing access, say on port 443 to the VIP address. Then the actual "launch", e.g. allowing access from the internet, could be controlled by BigIP, by changing the Source to 0.0.0.0/0 again.
I tried this internally and by setting my workstation IP address I could access a test site, my colleagues couldn't. They couldn't telnet to the test site but they could ping the VIP.
I'm asking in case anyone has tried this and come across any issues.
Thanks
Drew