Forum Discussion
AltocumulusAllowing access to activate.f5.com through a firewall for ASM signature updates
Can the IP address of activate.f5.com change? A customer of mine allows their ASM to access the site by IP address in their firewall for signature updates, but a couple of months ago the address changed.
Does anyone know if this is a regular occurrence, or can I reasonably rely on the current address remaining the same? If not, does anyone know what the possible addresses are?
12 Replies
TortiCirrus
mhh, interesting. It looks like a different IP address. Now, i get 208.85.209.4. In the last years, I changed the IP one more time. From 65.61.115.202 to 65.61.115.251. I dont know, why they do something like that. Its no nice way. And there was no informations about that.
uniOK, we've established that it changes - hopefully it is because they use GTM :) It would be handy to know what possible addresses it could be. I suppose the same applies to callhome.f5.com.- Tortino, the change hansn't anything to do with the module. f5 did change the IP behind activate.f5.com. callhome.f5.com wasn't changed, its still 65.61.115.198
- Torti_93733
Nimbostratus
mhh, interesting. It looks like a different IP address. Now, i get 208.85.209.4. In the last years, I changed the IP one more time. From 65.61.115.202 to 65.61.115.251. I dont know, why they do something like that. Its no nice way. And there was no informations about that.
- uniOK, we've established that it changes - hopefully it is because they use GTM :) It would be handy to know what possible addresses it could be. I suppose the same applies to callhome.f5.com.
- Torti_93733no, the change hansn't anything to do with the module. f5 did change the IP behind activate.f5.com. callhome.f5.com wasn't changed, its still 65.61.115.198
smp_86112Cirrostratus
I have no experience with ASM updates - do you have the capability to configure the endpoint for the updates, or is that hard-coded to activate.f5.com?
- smp_86112Actually, this is probably irrelevant. I was going to propose a half-baked idea of creating a VIP with an iRule which resolves activate.f5.com and uses it for a Pool Member. However, I am confusing products - ASM is not an LTM...sorry.
hoolioI'll check with IT on activate.f5.com and callhome.f5.com and get back to you. I assume we're using multiple carriers and/or dynamically resolving the hostnames via GTM but will let you know. Hopefully we can provide a full list of all possible IPs and an idea of whether/how frequently they could change.
I'd suggest you consider scripting an update though to the ACL based on the current resolution of the hostnames if that's something your firewall can accommodate.
Edit: I have a ticket open with IT. I'll let you know what I get back.
Aaron
- hoolio
One could use whois on a couple of the different IP addresses you've found above to get the full ranges.
Aaron
- Torti
there exists a solution paper for the IP addresses: SOL15202
