How to make sure the F5 management access is restricted


How to make sure the F5 management access is restricted

The F5 is an application delivery controller that can be used for variety of different sensitive applications. While using the different capabilities of the device, we would like to restrict and monitor the people who access the device and make sure that only allowed clients can access the management interface, otherwise, our system can be compromised.

The script will pull the allowed clients list from the F5 device and will display it on the Indeni live configuration dashboard, it will also alert us if the device is accessible from any IP.

Vendor Refrence:

Steps to identify allowed IP addresses manually:

Log into the F5 using SSH, enter TMSH and run the command “list /sys httpd allow". Each entry in the list represents an allowed IP address. If “All” exists – the management interface of the F5 device is accessible from any IP.

Image title

How it can be completed automatically with Indeni:


name: rest-mgmt-tm-sys-httpd-allowed

description: Get the management allowed ip list

type: monitoring

monitoring_interval: 1 minutes


vendor: "f5"

product: "load-balancer"

rest-api: "true"

shell: "bash"



why: |

Allowing access to the F5 management interface from any IP address can cause a security issue. The access should be restricted.

how: |

This script logs into the F5 unit via iControl REST and retrieves the list of the management allowed IP addresses.

without-indeni: |

An administrator can login to the unit through SSH, type TMSH and execute the command "list /sys httpd allow" to view the configured allowed IP"s.

can-with-snmp: false

can-with-syslog: false

vendor-provided-management: |

This information is available via TMSH.


url: /mgmt/tm/sys/httpd

protocol: HTTPS






_constant: "allowed-ips"


_constant: "true"


_constant: "Allowed Management IP Addresses"


_constant: "F5"



_value: $.allow

_value: complex-array

View code here.

Here is what it would look like on Indeni Console:

Image title

Use this script by downloading Indeni today. Thanks!


Congrats Daniel on your first automation script!