filtering
3 TopicsF5 BIG-IP how to disable ICMP redirect?
I noticed that in Network -> Packet Filtering one can enable checkbox "Always accept important ICMP". However I don't really see any other option to precisely specify which ICMP types and codes should be accepted. Precisely I'd like to accept fragmentation needed messages because jumbo frames are actively used in network but I don't want ICMP redirect messages to be accepted and interpreted. So is there any way to precisely point out which ICMP types should pass packet filtering?544Views0likes0CommentsAllow downloads but not uploads from Online Storage (Google Drive)
We currently use a BIG-IP 7250 as a forward web proxy. I've had a request from high up the management chain to allow downloads a specific 3rd Parties Google Drive space, but not allow uploads. We block the "Personal Network Storage and Backup" URL Category in our standard policy. Is there a feature on the device which would allow this fine grained level of control out of the box, or would we be looking at putting in a custom iRule for this? Traffic intelligence looked promising, but I couldn't find exactly what I was looking for. Many thanks297Views0likes1CommentCan I change the default ephemeral ports that the F5 uses for health monitoring?
Currently I see that my F5 is reaching out to the servers in my server pools on low ephemeral ports for health monitoring. For example, I have a health monitor for DNS so that the F5 reaches out to the DNS servers to ensure that DNS is working properly. The source port coming from the F5 has a huge range from sometimes 7000 up to 65535. We are trying to standardize the ephemeral ports used in our datacenter to use the standard Microsoft ephemeral ports, 49152 - 65535 for ACI filtering. Can I manually change which ports the F5 uses to send requests on? I know we are currently doing this with Linux servers, so I'd like to do it with the F5s as well.1KViews0likes16Comments