Syncing ASM WAF Policies Between F5 BIG-IPs in Different Datacenters or Cloud Regions
Not too long ago, a question came up in one of my tech talks regarding how F5 syncs ASM policies between devices that may not be a part of the same HA pair. The question derived from experience with ...
Published Dec 18, 2018
Version 1.0
Steve_Lyons
Ret. Employee
Joined May 15, 2019
Leonardo_Souza
Jan 17, 2019
Cirrocumulus
Thank you for the article.
I wasn't aware of the specific ASM ports for policy sync.
"BIG-IP ASM requires the following additional Policy Sync TCP ports: 6123-6128."
I think I read K13946 multiple times in the past; either it was updated, or I missed this important information.
Anyway, the following article says that even if you set up allow none, if the system is in an HA pair there will be exceptions for the HA ports.
https://support.f5.com/csp/article/K17333
What was the configuration for port lockdown for the internal self IP?