Forum Discussion
Subrun
Cirrostratus
CirrostratusQuery regarding Port LockDown and HTTPD Process Update // K52145254
Regarding Temporary Mitigation with Self IP ( https://support.f5.com/csp/article/K52145254 ) We have seen “Allow Default” for one of the Self IP which carries Production Traffic. If I change i...
Dharminder
SIRT
SIRTWe have seen “Allow Default” for one of the Self IP which carries Production Traffic. If I change it to “Allow None” Service wise what will be the Impact ?
SA https://support.f5.com/csp/article/K17333 talks
about “Overview of port lockdown behaviour” So you need to find out if
there is any port you need to allow. If you must open any ports, you should use Allow Custom.
Regarding 7 mitigation steps for
All network interfaces, It is mentioned in the SA https://support.f5.com/csp/article/K52145254 )
undert “Impact of workaround: Performing the following procedure should not
have a negative impact on your system”
But its important to take note of "Note: If your existing configuration already has
content in the include configuration
(it is no longer the default include none),
you will need to prepend/append your existing included configuration to the
above changes or it will be overwritten."
SubrunCirrostratus
CirrostratusFor Port LockDown thing -- this link ( https://www.youtube.com/watch?v=9OXruCRrEic ) says Port Lock Down has nothing to do with Virtual Server Traffic
- Dharminder
Yes you are right. Reason I have shared https://support.f5.com/csp/article/K17333, so that you can verify if your BIGIP needs any port to be opened on self IP which is required. for example ports for any routing protocol, which may also impact production traffic.