[BIG-IP] What is the Port Lockdown setting for Self IPs?

Load Balancer

Target environment

  • BIG-IP Virtual Edition
    • version 15.x.x

Port Lockdown setting for Self IPs

Port Lockdown is one of the settings for Self IPs.

Port Lockdown is the setting that specifies which protocols and services the Self IP in question accepts inbound connections on.

The Port Lockdown value choices are:

  • Allow Default
  • Allow All
  • Allow None
  • Allow Custom
  • Allow Custom (Include Default)

Port lockdown exceptions

The following communications are allowed regardless of the Port Lockdown setting.

  • TCP mirroring ports
  • TCP port 4353
  • ICMP
  • Traffic destined for services configured on the virtual server

Allow Default

The following protocols and services are allowed.

  • IGMP
  • OSPF
  • PIM
  • TCP/4353 – iQuery
  • UDP/4353 – iQuery
  • TCP/443 – HTTPS
  • TCP/161 – SNMP
  • UDP/161 – SNMP
  • TCP/22 – SSH
  • TCP/53 – DNS
  • UDP/53 – DNS
  • UDP/520 – RIP
  • UDP/1026 – network failover

You can check the protocols and services allowed by default with the tmsh list net self-allow command in the CLI.

config # tmsh list net self-allow
net self-allow {
    defaults {
        igmp:any
        ospf:any
        pim:any
        tcp:domain
        tcp:f5-iquery
        tcp:https
        tcp:snmp
        tcp:ssh
        udp:520
        udp:cap
        udp:domain
        udp:f5-iquery
        udp:snmp
    }
}

Allow All

Allows all inbound connections to the Self IP.

Allow None

Allows no inbound connections to the Self IP (the exceptions listed above still apply).

Allow Custom

Select this option to manually set the protocols and services you want to allow.

Allow Custom (Include Default)

Select this option to allow manually configured protocols and services in addition to the protocols and services allowed by the Allow Default option.
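As an added example (not code from this page or from F5), the following Python audit parses `tmsh list net self` output and flags Self IPs that are set to Allow All or that admit services beyond the Allow Default list shown above. The sample output is constructed; it assumes `allow-service` prints as the keyword `all` or `none`, or as a braced list in the same `protocol:port` form as the `self-allow` defaults above.

```python
import re

# Services granted by Allow Default, per `tmsh list net self-allow` on this page.
DEFAULT_SERVICES = {"igmp:any", "ospf:any", "pim:any", "tcp:domain", "tcp:f5-iquery",
                    "tcp:https", "tcp:snmp", "tcp:ssh", "udp:520", "udp:cap",
                    "udp:domain", "udp:f5-iquery", "udp:snmp"}

# Constructed sample of `tmsh list net self` output, not captured from a device.
SAMPLE = """\
net self ext_self {
    allow-service none
}
net self int_self {
    allow-service {
        default
        tcp:8443
    }
}
net self lab_self {
    allow-service all
}
"""


def parse_allow_service(text):
    """Map each Self IP to "all", "none", or the set of services it admits."""
    selfs = {}
    for m in re.finditer(r"net self (\S+) \{(.*?)\n\}", text, re.S):
        name, body = m.group(1), m.group(2)
        word = re.search(r"^\s*allow-service (all|none)$", body, re.M)
        block = re.search(r"allow-service \{(.*?)\}", body, re.S)
        if word:
            selfs[name] = word.group(1)
            continue
        # Assumption: a Self IP with no allow-service line admits no services.
        allow = set(block.group(1).split()) if block else set()
        if "default" in allow:  # Allow Custom (Include Default): expand the token
            allow = (allow - {"default"}) | DEFAULT_SERVICES
        selfs[name] = allow
    return selfs


def audit(selfs):
    """Return (name, reason) for Self IPs that admit more than Allow Default."""
    findings = []
    for name, allow in selfs.items():
        if allow == "all":
            findings.append((name, "Allow All: every listening service is reachable"))
        elif allow != "none" and allow - DEFAULT_SERVICES:
            findings.append((name, "beyond Allow Default: " + ", ".join(sorted(allow - DEFAULT_SERVICES))))
    return findings
```

Run `audit(parse_allow_service(SAMPLE))` to list the Self IPs worth reviewing; on a live system, feed it the saved output of `tmsh list net self` instead of the sample.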


