Forum Discussion

Cirrus

Mar 24, 2021

Solved

Port Lock down | Impact

Hi All, Hope your are doing great. I am planning to restrict access on Self IP. Can you please help to understand the impact of port lock down when i change it from allow all to "None". ...

application delivery

BIG-IP

LTM

Amine_Kadimi
Mar 25, 2021
Hi,

1) If i ll allow default , then what all ports will be allowed
https://support.f5.com/csp/article/K17333

2) If i ll use custom, then what all port should i allow
Only those needed for your scenario. If you don't have gtm and you don't administer through self IP then udp/1026 but only if you are using that self IP for the cluster.

3) I can for logging into GUI , CLI we are using management IP . So I consider that administration is not manage by Self IP.
Sounds right.

4) Please let me know how i ll identity whether Self IP is being used for cluster communication or not.
From Device Management > Devices, open the BIG-IP you are logged in (self), then from the "Device connectivity" drop down menu check the settings of the different entries to know which IPs are used.

RAQS

Cirrus

Mar 25, 2021

Hi Amine,

Thank you very much for your time and reply.

So please help me to understand below

1) If i ll allow default , then what all ports will be allowed

2) If i ll use custom, then what all port should i allow

3) I can for logging into GUI , CLI we are using management IP . So I consider that administration is not manage by Self IP.

4) Please let me know how i ll identity whether Self IP is being used for cluster communication or not.

Regards,

RAQS

Amine_Kadimi

MVP

Mar 25, 2021

Hi,

1) If i ll allow default , then what all ports will be allowed

https://support.f5.com/csp/article/K17333

2) If i ll use custom, then what all port should i allow

Only those needed for your scenario. If you don't have gtm and you don't administer through self IP then udp/1026 but only if you are using that self IP for the cluster.

3) I can for logging into GUI , CLI we are using management IP . So I consider that administration is not manage by Self IP.

Sounds right.

4) Please let me know how i ll identity whether Self IP is being used for cluster communication or not.

From Device Management > Devices, open the BIG-IP you are logged in (self), then from the "Device connectivity" drop down menu check the settings of the different entries to know which IPs are used.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Port Lock down | Impact

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform AS3 code for GTM Only.

BIG-IP device fails to install node-inspector

WAF Block Request

AST Configuration Assistance

F5 HA deployment in Azure using Azure Load Balancer

Related Content

Installing and Locking a Specific Version of F5 NGINX Plus

Technical Impacts of Open Banking and Financial Data Exchange on Financial Systems

10 Settings to Lock Down your BIG-IP

Lock Down Your Login

Lock and Key - Encrypting EBS Disk Volumes for BIG-IP AWS Deployments

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS