Forum Discussion
1 Reply
- ltwagnonRet. Employee
This is an excerpt from SOL8217 (http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8217.html) regarding ports for signature updates on the ASM:
If your BIG-IP ASM system is behind a firewall, you should allow access for the following host servers, DNS servers, and ports so that the BIG-IP ASM system can obtain the attack signature updates:
•Host servers
callhome.f5.com port 443
activate.f5.com port 443
•DNS servers
The firewall should allow port 53 access for the DNS name server(s) configured for use by the BIG-IP ASM system.
Additionally, if the BIG-IP ASM has not been configured with a reachable DNS name server, it will attempt to use an F5 DNS nameserver configured in the /var/ts/etc/services.ini file. The firewall should allow port 53 access for the IP addresses listed for the prod_dns_server= setting in this file.