Settings to Lock Down your BIG-IP - Remote Role

Information

Next, if you haven't done this already, configure the BIG-IP for remote authentication against a central directory, for example the enterprise Active Directory repository. Do this from the System > Users > Authentication screen, and ensure that the default role is Application Editor or less.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Log in to the Configuration utility as the administrative user.
2. Navigate to System > Users > Remote Role Groups.
3. Select Group Name and edit Assigned Role.
4. Click Update.

You can use the /auth remote-role command to provide somewhat granular authorization to each user group.

(tmos)# help /auth remote-role

See Also

https://support.f5.com/csp/article/K53108777#link_01

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(1), CAT|II, CCI|CCI-001813, Rule-ID|SV-74639r1_rule, STIG-ID|F5BI-DM-000213, Vuln-ID|V-60209

Plugin: F5

Control ID: 723720dfe2ed8501f0083c78a74cd35182520b0cc565b7e609155fdc9bc69813