Forum Discussion

Nimbostratus

Nov 14, 2024

Solved

remove ssh after gtm_add/bigip_add/big3d_add ?

Is it okay to remove ssh/tcp 22 off the allowed list on the self IP after running gtm_add/bigip_add/big3d_add or does it need to stay there? I know 4353 has to stay, but I can't find anything that says it's okay for 22 to go away.

security

Aswin_mk
Nov 15, 2024
Hello Joseph_Bernard ,

TCP 4353 must be opened to allow config and status synchronization.But, bigip_add command requires SSH/SCP port opened to exchange SSL keys.After this command is done, SSH port can be blocked.
After blocking ssh you can verify GTM status (wideips, servers, pools).

BR
Aswin

1 Reply

Aswin_mk
MVP
Nov 15, 2024
Hello Joseph_Bernard ,

TCP 4353 must be opened to allow config and status synchronization.But, bigip_add command requires SSH/SCP port opened to exchange SSL keys.After this command is done, SSH port can be blocked.
After blocking ssh you can verify GTM status (wideips, servers, pools).

BR
Aswin

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

remove ssh after gtm_add/bigip_add/big3d_add ?

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

AST Configuration Assistance

Identify which virtual servers are using a specific SSL certificate

Related Content

Remove alerts showing r-series LCD/Dashboard.

Remove Quotation marks

Removal Cookies on Client Browser

remove www

CVE-2014-3566: Removing SSLv3 from BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS