Forum Discussion
Luke_Drury_7634
Nimbostratus
Sep 03, 2009
Management interface is running on all interfaces?
Hi all.
I am a bit of an F5 newbie and have set up our LBs without any training (read tight AR$e boss).
As a result I am learning as I go, so please excuse the seemingly dumb follow...
The_Bhattman
Nimbostratus
Sep 03, 2009
Hi Red,
Go into the section where you defined the self addresses and select each self address; there is a setting called Port Lockdown (I can't remember the exact language but you will know it when you see it). If it's already set to Allow Default then it's allowing these protocols and ports on each of the self addresses:
PROTOCOL ospf
PROTOCOL tcp SERVICE 4353 (iQuery)
PROTOCOL udp SERVICE 4353 (iQuery)
PROTOCOL tcp SERVICE https (port 443)
PROTOCOL tcp SERVICE snmp (port 161)
PROTOCOL udp SERVICE snmp (port 161)
PROTOCOL tcp SERVICE ssh (port 22)
PROTOCOL udp SERVICE domain (port 53 - DNS)
PROTOCOL tcp SERVICE domain (port 53 - DNS)
PROTOCOL udp SERVICE router (port 520 - RIP)
PROTOCOL udp SERVICE 1026 (network failover)
You have other settings like Allow None, Allow All and Allow Custom. With Allow Custom you can simply lock down port 22 and 443 and let the others through.
Each self address must be locked down that way.
Hope this helps.
CB
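An added example, not part of the original thread: a small audit that parses the Allow Default list quoted in the reply above and reports which self addresses let SSH (22) or HTTPS (443) through under their Port Lockdown setting. The self address names, the mode labels (`allow_default`, `allow_all`, `allow_none`, `allow_custom`) and the inventory are constructed for illustration and are not F5 identifiers.

```python
import re

# Allow Default entries, copied from the list in the reply above.
ALLOW_DEFAULT_TEXT = """\
PROTOCOL ospf
PROTOCOL tcp SERVICE 4353 (iQuery)
PROTOCOL udp SERVICE 4353 (iQuery)
PROTOCOL tcp SERVICE https (port 443)
PROTOCOL tcp SERVICE snmp (port 161)
PROTOCOL udp SERVICE snmp (port 161)
PROTOCOL tcp SERVICE ssh (port 22)
PROTOCOL udp SERVICE domain (port 53 - DNS)
PROTOCOL tcp SERVICE domain (port 53 - DNS)
PROTOCOL udp SERVICE router (port 520 - RIP)
PROTOCOL udp SERVICE 1026 (network failover)
"""
MGMT = {("tcp", 22): "ssh", ("tcp", 443): "https"}  # management services to flag
LINE_RE = re.compile(r"^PROTOCOL (\w+)(?: SERVICE (\S+)(?: \((.*)\))?)?$")

def parse_allow_list(text):
    """Return {(protocol, port)}; port is None when a whole protocol is allowed."""
    entries = set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, service, note = m.groups()
        if service is None:
            entries.add((proto, None))
        elif service.isdigit():
            entries.add((proto, int(service)))
        else:  # named service: the port number is in the parenthesised note
            port = re.search(r"port (\d+)", note or "")
            if port:
                entries.add((proto, int(port.group(1))))
    return entries

ALLOW_DEFAULT = parse_allow_list(ALLOW_DEFAULT_TEXT)

def exposed_mgmt(mode, custom=()):
    """Management services a Port Lockdown mode lets through (hypothetical mode labels)."""
    if mode == "allow_all":
        return sorted(MGMT.values())
    if mode == "allow_none":
        return []
    if mode not in ("allow_default", "allow_custom"):
        raise ValueError(f"unknown Port Lockdown mode: {mode}")
    allowed = ALLOW_DEFAULT if mode == "allow_default" else set(custom)
    return sorted(name for key, name in MGMT.items() if key in allowed)

def audit(self_addresses):
    """Map each self address to its exposed management services, omitting clean ones."""
    found = {n: exposed_mgmt(m, c) for n, (m, c) in self_addresses.items()}
    return {name: svcs for name, svcs in found.items() if svcs}
```

For a constructed inventory such as `{"external_self": ("allow_default", ()), "internal_self": ("allow_custom", {("udp", 1026)})}`, `audit` returns only `external_self`, with `['https', 'ssh']`.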
