f5-gasingh
commented
5 years ago Hi simonkowallik, thank you for pointing out a potential issue. I've created a internal issue -1292 to track this work.
Closed simonkowallik closed 4 years ago
f5-gasingh
commented
5 years ago Hi simonkowallik, thank you for pointing out a potential issue. I've created a internal issue -1292 to track this work.
wduongf5
commented
4 years ago Release v3.0.3 resolved this issue.
The Firewall Rule for access to the WebUI management uses hardcoded ports, but the actual port of the WebUI is configurable by through YAML parameter
mgmtGuiPort. This might lead to an ineffective firewall rule, permitting access to the incorrect port.This applies to all templates, here are two examples: https://github.com/F5Networks/f5-google-gdm-templates/blob/0dfdfd380e171569722b60081181da5d680c61fc/supported/standalone/1nic/existing-stack/byol/f5-existing-stack-byol-1nic-bigip.py#L42 https://github.com/F5Networks/f5-google-gdm-templates/blob/0dfdfd380e171569722b60081181da5d680c61fc/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py#L42
The port for WebUI management access in the function
def FirewallRuleMgmt(context):could be changed to includecontext.properties['mgmtGuiPort'], like this: