Forum Discussion
suthomas1
Cirrostratus
Cirrostratusirule ports
Good day all, I had few doubts for ltm. 1) is a service with all ports allowed but an irule with limited ports secure? will the irule come into picture for the ports first? 2) any easy way to...
Hello ,
- Yes, it is secure. But there are other options too. Please read this devcentral article by : Three Ways to Specify Multiple Ports on a Virtual Server
- There is the mv command, it renames or moves a TMOS configuration object. I never tested it... Please see https://clouddocs.f5.com/cli/tmsh-reference/v15/commands/mv.html
KR
Daniel
suthomas1Cirrostratus
CirrostratusThanks Mike.
Re-writing the first question - how secure is any VS that has all ports allowed? & if it has an irule that lists few ports, will the irule be checked first for ports?
- Mike757
MVP
I see what you mean - as Daniel pointed out above, it is secure, but in the article everything is better explained. If you use an iRule (or policy), the TCP reset only happens after the 3-way handshake is completed. If you use a port list the handshake fails straigh away, which is better in terms of resource efficiency.
If I recall correctly, shared objects (address and port lists) appeared in version 14.
Mike
