ssh and iQuery via non-management interfaces?

Question

Is it possible to have iQuery (and the SSH sessions where keys/certs are exchange for it) to happen over non-management interfaces?  For a variety of reasons, I'd rather have the LTMs and GTMs talking amongst themselves via the regular interfaces, but it looks like the LTMs are ignoring ssh connections to their non-management interfaces as a tcpdump shows a series of SYNs without answers.&nbsp;
&nbsp;The documentation on iQuery and bigip_add etc doesn't specify what interfaces can and cannot be used for this.&nbsp;
&nbsp;Suggestions?  Pointers to more info?&nbsp;
&nbsp;Thanks!
&nbsp;--r&nbsp;

hamish · Answer

You can... but 
&nbsp;  
&nbsp; A. I don't recommend it. 
&nbsp; B. You need to enable services on the self-ip addresses involved... (I set all my port-lockdowns to Allow None. You can set ALl, default or custom as well) 
&nbsp;  
&nbsp; H

jason_40733 · Answer

Our professional services installation from F5 specifically stated that the iquery between GTMS &amp; LTMs will not occur over the mgmt interfaces.   We specifically use self-ips on the RFC1918 networks with only those ports allowed to do synchronization.  We were told that it was the F5 best practices.   Correct me if I'm wrong though. 
&nbsp;  
&nbsp; If memory serves,  trying to iquery to the mgmt interface consistently failed when doing the initial setup.

Forum Discussion

ssh and iQuery via non-management interfaces?

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

DNS HM Probe issue

Related Content

GTM and LTM iquery issues

Application Programming Interface (API) Authentication types simplified

vCMP logical interfaces throughput

DNS/iQuery Question - Design Consideration

Lightboard Lessons: F5 BIG-IP DNS (GTM) iQuery Protocol Overview

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS