Forum Discussion

rp1210_121071's avatar
rp1210_121071
Icon for Nimbostratus rankNimbostratus
Sep 06, 2013

ports to be opened on asm for automatic attack signature updates

What ports need to be opened on the ASM to allow automatic attack signature updates? How can we be notified when an update is applied? Via email, ideally.

 

management
security

1 Reply

  • ltwagnon's avatar
    ltwagnon
    Ret. Employee
    Sep 06, 2013

    This is an excerpt from SOL8217 (http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8217.html) regarding ports for signature updates on the ASM:

     

    If your BIG-IP ASM system is behind a firewall, you should allow access for the following host servers, DNS servers, and ports so that the BIG-IP ASM system can obtain the attack signature updates:

     

    •Host servers

     

    callhome.f5.com port 443

     

    activate.f5.com port 443

     

    •DNS servers

     

    The firewall should allow port 53 access for the DNS name server(s) configured for use by the BIG-IP ASM system.

     

    Additionally, if the BIG-IP ASM has not been configured with a reachable DNS name server, it will attempt to use an F5 DNS nameserver configured in the /var/ts/etc/services.ini file. The firewall should allow port 53 access for the IP addresses listed for the prod_dns_server= setting in this file.