Automap enabled for F5

Vendor

F5

Description

Automap works great for assymetric routing, but can result in port exhaustion. Indeni will alert if automap is used.

Remediation Steps

Information about automap, SNAT Pools and port exhaustion is available at https://support.f5.com/csp/article/K7820#exhaustion

How does this work?

This alert uses the iControl REST interface to extract the use of automap on virtual servers.

Why is this important?

Using automap is a great way to troubleshoot assymetric routing, but is considered not ideal in a busy live environment because of a risk of port exhaustion. In case of high amount of traffic it is better to create a "SNAT Pool" with multiple IP addresses on the member networks.

Without Indeni how would you find this?

Login to the device's web interface and click on "Local Traffic" and then "Virtual servers". For each of the Virtual Servers, verify that automap is not used as "Source Address Translation".

View Source Code
single