Forum Discussion

lee_clack_13325's avatar
lee_clack_13325
Icon for Nimbostratus rankNimbostratus
Nov 05, 2013

Changing Default GUI HTTPS port

Hi All,   I'm pretty new to the world of F5's but have been recently tasked with running with a proof of concept for a new project we've got running. One of the idealistic requirements i've been ...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Nov 05, 2013

You can manually edit the /var/run/config/httpd.conf.d/ssl.conf file to change the management GUI's port, but that will usually be reset on config reload and reboots. Otherwise there are no settings in TMSH to change the management GUI's port.

There is one other approach that may work though.

  • Create a VIP on the desired port, apply client and server SSL profiles, and this iRule:

    when CLIENT_ACCEPTED {
    node 127.0.0.1 443
}

  • In tmsh remove allow access to httpd from anything other than localhost:

    tmsh modify sys httpd allow replace-all-with { 127.0.0.1 }

Direct access to the management IP and default port will be denied/forbidden. If you ever break the VIP and/or lose access to the management GUI through this VIP, simply unlock the httpd allow:

    tmsh modify sys httpd allow replace-all-with { all }