Port Lockdown

Question

Hi:
&nbsp;Really stupid simple question here, but I want to make sure that I have my facts straight on port lockdown before I implement it and I've never worked with it before, so I don't want to upset any of my customers. &nbsp;
&nbsp;The way I understand port lockdown, it only involves traffic that is sourced from a host with the destination address being the F5's self-IP. So if you set the port lockdown setting to None, the Self-IP won't accept any connections with itself as the destination, but traffic going through the Self-IP with another destination will flow just fine ( from a server trying to talk to www.mydomain.com that has F5 set as its default gateway). &nbsp;
&nbsp;Is that correct?

nathe · Answer

FL 
&nbsp;  
&nbsp; That's how I understand it. Port Lockdown is used to limit access the self-ip address itself, rather than the scenario you outline. It's a feature to secure the interface. 
&nbsp;  
&nbsp; One thing to mention - if the system is part of a redundant pair then Allow Default is the suggested option. If you click on Help on that screen it will give you a list of the allowed protocols / services when this is selected. 
&nbsp;  
&nbsp; N

Forum Discussion

Port Lockdown

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

VMware Horizon app and X-Forwarded-For

Requests with 307 responses not logged (missing) in ASM events

Create cipher group in f5

Big-IP sending Health Check to not-used Node-IP

Mgmt Interface Shows Up as TMM

Related Content

Ps Self Ip Port Lockdown

iControl 101 - #20 - Port Lockdown

Post of the Week: Port Lockdown

"Port lockdown" option for SNAT pool addresses?

Three Ways to Specify Multiple Ports on a Virtual Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS