Forum Discussion

Nimbostratus

Sep 06, 2013

ports to be opened on asm for automatic attack signature updates

What ports need to be opened on the ASM to allow automatic attack signature updates? How can we be notified when an update is applied? Via email, ideally.

management

security

ltwagnon

Ret. Employee

Sep 06, 2013

This is an excerpt from SOL8217 (http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8217.html) regarding ports for signature updates on the ASM:

If your BIG-IP ASM system is behind a firewall, you should allow access for the following host servers, DNS servers, and ports so that the BIG-IP ASM system can obtain the attack signature updates:

•Host servers

callhome.f5.com port 443

activate.f5.com port 443

•DNS servers

The firewall should allow port 53 access for the DNS name server(s) configured for use by the BIG-IP ASM system.

Additionally, if the BIG-IP ASM has not been configured with a reachable DNS name server, it will attempt to use an F5 DNS nameserver configured in the /var/ts/etc/services.ini file. The firewall should allow port 53 access for the IP addresses listed for the prod_dns_server= setting in this file.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)