F5Networks / f5-google-gdm-templates

Google Deployment Templates for quickly deploying BIG-IP services in Google Cloud Platform

document how to access big-ip with multi-nic templates #26

Closed simonkowallik closed 1 year ago

simonkowallik commented 5 years ago

Do you already have an issue opened with F5 support?

No

Description

With multi-nic templates NIC1 becomes the management NIC for BIG-IP. All GCP admin access methods work on NIC0. Hence it is not clear how to access the BIG-IP via SSH/WebUI after deployment. While the current documentation does mention that gcloud commands and other GCP access methods don't work due to the MGMT move to NIC1, it does not outline how to access the BIG-IP on NIC1 for multi-nic templates.

This issue is a re-open of issue #18. This comment: https://github.com/F5Networks/f5-google-gdm-templates/issues/18#issuecomment-487126352 provides guidelines on how access via SSH would be possible on NIC1, but it should be documented properly in the readme/documentation.

Template

multi-nic templates

Severity Level

Severity: 5

alaari-f5 commented 4 years ago

Internal issue created 1687

asaphef commented 4 years ago

Is there some workaround to this except accessing through nic-0?

shyawnkarim commented 4 years ago

Typically, we lock down all external interfaces and only expose the services for VIPs, however, if access is needed to the external interface (eth0) via port 22, you could add

"allow-service add { tcp:22 }"

to the end of line 419, for example, on this template

so that the line now looks like

'"tmsh create net self self_external address ${INT1ADDRESS}/32 vlan external allow-service add { tcp:22 }"',

While creating Virtual Service FW rules to the external interface, also create a rule to allow "22".

simonkowallik commented 3 years ago

@shyawnkarim @asaphef

Here is an example for a 3-nic deployment and enabling access on the "internal nic" (the self ip).

replace: https://github.com/F5Networks/f5-google-gdm-templates/blob/3426d8bbe1a0f3045a05701da6c6e0e7293c3ce5/supported/standalone/3nic/existing-stack/byol/f5-existing-stack-byol-3nic-bigip.py#L302

with:

'"tmsh create net self self_internal address ${INT2ADDRESS}/32 vlan internal allow-service add { tcp:22 tcp:443 }"',

shyawnkarim commented 1 year ago

Closing due to age. These legacy templates are now in maintenance mode and are being replaced by our next-generation templates available in the Cloud Templates 2.0 GitHub repo.
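
The self-IP edits discussed in this thread open management ports on data-plane interfaces, so it helps to audit a template for them before deploying. The following is an added example, not code from the thread or the F5 repository: it parses `tmsh create net self` lines and reports which self IPs allow tcp:22 or tcp:443. The function names, the sample text and the handling of the `all` and `default` keywords are assumptions of this example.

```python
import re

# Ports the thread opens for administration: SSH (22) and the WebUI (443).
MGMT_PORTS = {"tcp:22", "tcp:443"}
# Broad keyword values; treating them as exposing management ports is an
# assumption of this example, to be checked against your BIG-IP version.
BROAD = {"all", "default"}

SELF_RE = re.compile(
    r"tmsh\s+create\s+net\s+self\s+(?P<name>\S+)\s+address\s+(?P<addr>\S+)"
    r"\s+vlan\s+(?P<vlan>[^\s\"']+)(?P<rest>[^\"'\n]*)"
)
ALLOW_RE = re.compile(
    r"allow-service\s+(?:(?:add|replace-all-with)\s+)?(\{[^}]*\}|\S+)"
)

# Constructed sample in the style of the template's startup-script lines.
SAMPLE = r'''
'"tmsh create net self self_external address ${INT1ADDRESS}/32 vlan external"',
'"tmsh create net self self_internal address ${INT2ADDRESS}/32 vlan internal allow-service add { tcp:22 tcp:443 }"',
'''


def audit_self_ips(template_text):
    """Return one finding per `tmsh create net self` command in the text."""
    findings = []
    for m in SELF_RE.finditer(template_text):
        allow = ALLOW_RE.search(m.group("rest"))
        if allow is None:
            services = []  # template does not set allow-service
        elif allow.group(1).startswith("{"):
            services = allow.group(1).strip("{} ").split()
        else:
            services = [allow.group(1)]
        exposed = sorted(MGMT_PORTS.intersection(services))
        findings.append({
            "name": m.group("name"),
            "vlan": m.group("vlan"),
            "services": services,
            "mgmt_exposed": exposed or sorted(BROAD.intersection(services)),
        })
    return findings


def needs_firewall_review(template_text):
    """Names of self IPs whose VLAN needs a tightly scoped GCP firewall rule."""
    return [f["name"] for f in audit_self_ips(template_text) if f["mgmt_exposed"]]


if __name__ == "__main__":
    for finding in audit_self_ips(SAMPLE):
        print(finding)
```

Each self IP it reports should be paired with a GCP firewall rule for port 22 or 443 that is limited to known administrative source ranges.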