Forum Discussion
We have seen “Allow Default” for one of the Self IPs which carries production traffic. If I change it to “Allow None”, what will be the impact service-wise?
SA https://support.f5.com/csp/article/K17333 talks about “Overview of port lockdown behaviour”. So you need to find out if there is any port you need to allow. If you must open any ports, you should use Allow Custom.
Regarding the 7 mitigation steps for All network interfaces, it is mentioned in the SA (https://support.f5.com/csp/article/K52145254) under “Impact of workaround: Performing the following procedure should not have a negative impact on your system”.
But it's important to take note of "Note: If your existing configuration already has content in the include configuration (it is no longer the default include none), you will need to prepend/append your existing included configuration to the above changes or it will be overwritten."
- Subrun, Jul 07, 2020, Cirrostratus
For the Port Lockdown thing: this link ( https://www.youtube.com/watch?v=9OXruCRrEic ) says Port Lockdown has nothing to do with Virtual Server traffic.
- Dharminder, Jul 07, 2020, SIRT
Yes, you are right. The reason I shared https://support.f5.com/csp/article/K17333 is so that you can verify whether your BIG-IP needs any required port to be opened on the self IP, for example ports for any routing protocol, which may also impact production traffic.