scans reveal ISAKMP port 500 on mgmt port
We just got done doing our security scans and they found a port 500 ISAKMP listener on our MGMT IF. What is this traffic, and can it be turned off? I ran a tcpdump for several minutes on eth0 tcp port 500 and saw nothing. We are running 11.5.1 HF4.
1 Reply
- gsharri
Altostratus
ISAKMP is involved with IPsec traffic. Since the management interface is controlled by the host subsystem (the Linux OS on BIG-IP), the fact that the port appears open likely means a Linux process is listening here. I'm not sure if IPsec/ISAKMP can be disabled in Linux. Also, the TMOS packet filters do not apply to the management interface, so you can't block it there. However, if you have AFM licensed on the box, then AFM filters can be applied to the management interface.
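One way to check the reply's point that a Linux process is listening on the port, as an added example that is not part of the original thread: ISAKMP/IKE runs over UDP port 500, so the function below filters `netstat -anp` output for any socket bound to local port 500 on either protocol and reports its owner. The sample output, the addresses and the process name `example-iked` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find what owns local port 500.
# Reads `netstat -anp` output on stdin and prints one line per match:
#   <proto> <local address> <PID/program>

find_port500() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            # Column 4 is the local address; the port follows the last ":"
            # (this also handles IPv6 forms such as :::500).
            n = split($4, a, ":")
            if (a[n] != "500") next

            if ($1 ~ /^udp/) {
                # UDP rows have an empty State column, so the owner is field 6.
                print $1, $4, $6
            } else if ($6 == "LISTEN") {
                # TCP rows: only listening sockets, owner is field 7.
                print $1, $4, $7
            }
        }'
}

# Constructed sample of `netstat -anp` output (process names are placeholders).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2210/sshd
tcp        0      0 192.0.2.10:5000         0.0.0.0:*               LISTEN      3001/example-app
udp        0      0 192.0.2.10:500          0.0.0.0:*                           4321/example-iked
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1876/ntpd'

printf '%s\n' "$SAMPLE" | find_port500
```

On the host, `netstat -anp | find_port500` run as root shows the owning process, and `tcpdump -ni eth0 udp port 500` captures ISAKMP traffic on the management interface if any arrives.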