Forum Discussion

Nimbostratus

Nov 14, 2024

remove ssh after gtm_add/bigip_add/big3d_add ?

Is it okay to remove ssh/tcp 22 off the allowed list on the self IP after running gtm_add/bigip_add/big3d_add or does it need to stay there? I know 4353 has to stay, but I can't find anything that s...

security

Aswin_mk
Nov 15, 2024
Hello Joseph_Bernard ,

TCP 4353 must be opened to allow config and status synchronization.But, bigip_add command requires SSH/SCP port opened to exchange SSL keys.After this command is done, SSH port can be blocked.
After blocking ssh you can verify GTM status (wideips, servers, pools).

BR
Aswin

Aswin_mk

Cumulonimbus

Nov 15, 2024

Hello Joseph_Bernard ,

TCP 4353 must be opened to allow config and status synchronization.But, bigip_add command requires SSH/SCP port opened to exchange SSL keys.After this command is done, SSH port can be blocked.

After blocking ssh you can verify GTM status (wideips, servers, pools).

BR
Aswin

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

remove ssh after gtm_add/bigip_add/big3d_add ?

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

Remove Quotation marks

Removing F5 Leaked Credential Check (LCC) config from BIG-IP AWAF

Removal Cookies on Client Browser

Remove subnet from NAT pools without any impact

remove www

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS