Joseph_Bernard
Nov 14, 2024

remove ssh after gtm_add/bigip_add/big3d_add ?

Is it okay to remove ssh/tcp 22 off the allowed list on the self IP after running gtm_add/bigip_add/big3d_add or does it need to stay there?  I know 4353 has to stay, but I can't find anything that says it's okay for 22 to go away.

  • Hello Joseph_Bernard ,

     

    TCP 4353 must be opened to allow config and status synchronization. But the bigip_add command requires the SSH/SCP port to be open to exchange SSL keys. After this command is done, the SSH port can be blocked.

    After blocking ssh you can verify GTM status (wideips, servers, pools). 

     

    BR
    Aswin
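
An added example, not part of the original posts: a Python check that parses `tmsh list net self` output and reports, for each self IP, whether SSH is still on the allowed list and whether TCP 4353 is still there. The sample output is constructed, and the named forms `tcp:ssh` / `tcp:f5-iquery` and the treatment of `all` / `default` as covering both ports are assumptions.

```python
import re

# Constructed sample in the style of `tmsh list net self` output (not from the thread).
SAMPLE = """\
net self gtm_sync_self {
    address 192.0.2.10/24
    allow-service {
        tcp:ssh
        tcp:f5-iquery
    }
}
net self locked_self {
    allow-service {
        tcp:4353
    }
}
net self wide_open_self {
    allow-service all
}
"""

# Assumption: a port may be listed by number or by service name.
SSH = {"tcp:22", "tcp:ssh"}
IQUERY = {"tcp:4353", "tcp:f5-iquery"}
BROAD = {"all", "default"}  # assumption: both settings include 22 and 4353

def parse_self_ips(text):
    """Return {self_ip_name: set of allow-service entries}."""
    result = {}
    for name, body in re.findall(r"^net self (\S+) \{\n(.*?)^\}", text, re.S | re.M):
        block = re.search(r"allow-service \{(.*?)\}", body, re.S)
        if block:  # multi-entry form: allow-service { ... }
            services = set(block.group(1).split())
        else:      # single-word form: allow-service all|default|none
            single = re.search(r"allow-service (\S+)", body)
            services = {single.group(1)} if single else set()
        result[name] = services
    return result

def audit(text):
    """Per self IP: is SSH still allowed, and is TCP 4353 still allowed?"""
    findings = {}
    for name, services in parse_self_ips(text).items():
        broad = bool(services & BROAD)
        findings[name] = {"ssh_allowed": broad or bool(services & SSH),
                          "iquery_allowed": broad or bool(services & IQUERY)}
    return findings
```

After SSH is blocked, a self IP used for GTM sync should report `ssh_allowed` false and `iquery_allowed` true.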
