Forum Discussion
Lucas_Thompson
Jul 23, 2024 (Employee)
Some good initial actions probably are:
- Determine the protocol used for the auth attempts sourced from your IP. Was it HTTP? Kerberos? RADIUS?
- The most likely source for the traffic is someone accessing the internet through your BIG-IP. Does your config offer NATing for outbound arbitrary connections? If so, what are your acceptable use policies and auditing/logging policies for this service?
- If your config does NOT offer NATing over the network, it is possible that you have an unauthorized user. The self IPs can be used to source connections from the control plane, depending on how the BIG-IP's routing is set up. Review this solution article:
https://my.f5.com/manage/s/article/K11438344