Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

smalex_355988's avatar
smalex_355988
Icon for Nimbostratus rankNimbostratus
Jun 10, 2018

Firewall rules for F5 Security update

I am implementing ASM in our environment. But when I check the security updates, last security update was on 2016!!!. We need to ask our network team to make relevant changes on firewall to allow F5 ...
big-ip
security
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Jun 10, 2018

Hi,

 

Allowing signature updates through a firewall:

 

Host servers (Destination):

 

  • port 443
  • port 443

And of course you have to resolve public host (DNS access).

 

You have all information you need in this KB:

 

https://support.f5.com/csp/article/K8217

 

You can also process your update trough an proxy, it's describe in the KB that i give you above.

 

Let me now if you need more details.

 

Additional information, The source IP address of the resulting traffic uses either a non-floating self IP address or the management IP address, depending on the matching route. If Internet access is not available for automatic updates, error messages similar to the following examples are reported in the Configuration utility and logged in the /var/log/asm.

 

Regards