For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

david_baumgart_'s avatar
david_baumgart_
Icon for Cirrus rankCirrus
Nov 07, 2016
Solved

Locking down the ports of a Wildcard FTPS Server

Hey guys. I recently set up a wildcard FTPS server per the following:   https://support.f5.com/kb/en-us/solutions/public/9000/300/sol9347.html1   After some playing with it, I finally got this ...
application delivery
BIG-IP
LTM
security
  • david_baumgart_'s avatar
    david_baumgart_
    Nov 07, 2016

    I actually found/modified an iRule to fit my needs. If anybody in the future comes looking at this for an answer to this, here is my iRule:

    when CLIENT_ACCEPTED {    if {([TCP::local_port] == 21 ) ||  ([TCP::local_port] >= XXXXXX ) &&
([TCP::local_port] <= YYYYYY) } {      pool FTPS_POOL_NAME    } else reject}
Chase_Abbott's avatar
Chase_Abbott
Icon for Admin rankAdmin
Nov 07, 2016

You may be looking for an iRule similar to this?

 

https://devcentral.f5.com/s/feed/0D51T00006i7aY1SAI

 

I would prefer to place IP/Port rules in a firewall (or AFM if in play here) as it's much more streamlined and easy to troubleshoot but you may not have this option.