For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Goldz_180077's avatar
Goldz_180077
Icon for Nimbostratus rankNimbostratus
Jan 29, 2017
Solved

How to create an iRules that allowing multiple ports on a single VIP IP address

How to create an iRules that allowing multiple ports on a single VIP IP address. Example i have 1 VIP 10.10.10.10 with port range 50000-60000 for SFTP active, with pool member 20.20.20.20 port: 50000...
application delivery
iRules
LTM
security
  • Maneesh_72711's avatar
    Maneesh_72711
    Jan 31, 2017

    Additionally with the same i-rule can you change your VIP to performance layer 4 instead of standard and then check do a tcpdump to see whether the VIP is doing a 3way handshake.

     

JoshBecigneul's avatar
JoshBecigneul
Icon for MVP rankMVP
Jan 31, 2017

It might be worthwhile to invert your logic and drop the "not" statement, to verify everything is working, then work towards flipping it back.

This is untested:

if{([TCP::local_port] > 50000 and [TCP::local_port] < 60000)} {
    permit
elseif {[TCP::local_port] == 22 }{
    permit
} else {
     Drop request
    drop
}