Syncing ASM WAF Policies Between F5 BIG-IP's in Different Datacenters or Cloud Regions
Published Dec 18, 2018
Version 1.0Was this article helpful?
Thank you for the article.
I wasn't aware of the specific ASM ports for policy sync.
"BIG-IP ASM requires the following additional Policy Sync TCP ports: 6123-6128."
I think I read the K13946 multiple times in the past, either was updated, or I missed this important information.
Anyway, the following article says that even if you setup allow none, if the system is in an HA pair there will be exceptions for the HA ports.
https://support.f5.com/csp/article/K17333
What was the configuration for port lockdown for the internal self IP?