Automap enabled-f5-all

Automap enabled-f5-all

Vendor: f5

OS: all

Description:
Automap works great for assymetric routing, but can result in port exhaustion. indeni will alert if automap is used.

Remediation Steps:
Information about automap, SNAT Pools and port exhaustion is available at https://support.f5.com/csp/article/K7820#exhaustion

How does this work?
This alert uses the iControl REST interface to extract the use of automap on virtual servers.

Why is this important?
Using automap is a great way to troubleshoot assymetric routing, but is considered not ideal in a busy live environment because of a risk of port exhaustion. In case of high amount of traffic it is better to create a “SNAT Pool” with multiple IP addresses on the member networks.

Without Indeni how would you find this?
Login to the device’s web interface and click on “Local Traffic” and then “Virtual servers”. For each of the Virtual Servers, verify that automap is not used as “Source Address Translation”.

f5-rest-mgmt-tm-ltm-virtual

name: f5-rest-mgmt-tm-ltm-virtual
description: Determine use of automap, and if any wildcard forwarding servers listening
    on all VLANs exists.
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: f5
    product: load-balancer
    rest-api: 'true'
comments:
    f5-automap-used:
        why: |
            Using automap is a great way to troubleshoot assymetric routing, but is considered not ideal in a busy live environment because of a risk of port exhaustion. In case of high amount of traffic it is better to create a "SNAT Pool" with multiple IP addresses on the member networks.
        how: |
            This alert uses the iControl REST interface to extract the use of automap on virtual servers.
        can-with-snmp: true
        can-with-syslog: false
    f5-wildcard-forwarding-servers:
        why: |
            It is generally not recommended to have a virtual server listening on all VLANs with a destination of any. This can short circuit any VLANs behind the load balancer and is not ideal in terms of security.
        how: |
            This alert uses the iControl REST interface to extract any virtual forwarding servers listening to all destinations and on all VLANs.
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /mgmt/tm/ltm/virtual?$select=fullPath,sourceAddressTranslation,ipForward,destination,source,vlans
    parse:
        type: JSON
        file: rest-mgmt-tm-ltm-virtual.parser.1.json.yaml

f5_automap_enabled

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/f5/f5_automap_enabled.scala