Forum Discussion

Willian_Guilher
Sep 28, 2014

Port-Lockdown Question

I am studying for the 201 exam, and I am in doubt about the Port-Lockdown configuration. The SOL12250 says: http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13250.html

Default port lockdown setting: When creating a self IP address using the Configuration utility, the default port lockdown setting in BIG-IP 10.x is Allow Default. When creating Self IP addresses using the bigpipe or tmsh utilities, the default port lockdown setting in BIG-IP 10.x is Allow None. In BIG-IP 11.x, the default port lockdown setting is Allow None.

However, when I am setting up the BIG-IP Self-IPs, the Internal Interface default permission is set as "Allow Default" and on the external interface it is set to Allow 443 by default, which does not match what the SOL mentions. I am using the 11.4.1 Build 647 HF4 on the vLab. Even the official training manual says that the default on external VLAN self-ip is 443 (https). Port 22 is not allowed on the external VLAN unless explicitly specified with "Allow Custom". What is actually correct: what the SOL says or what the training manual teaches?

1 Reply

  • Willian,

    The short answer is "both".

    Internal and External are special cases, as they are usually created via the configuration wizard, and don't represent the behavior you would see if you were manually creating a VLAN from the GUI, TMSH or bigpipe shell.
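
One way to check which port lockdown setting each self IP actually ended up with, whatever created it, is to read the `allow-service` attribute from the configuration. The following is an added example, not part of the original thread and not F5 code: it parses text laid out like `tmsh list net self` output. The sample listing, its self IP names and addresses are constructed, and the listing layout and the mapping to Configuration utility labels are assumptions.

```python
import re

# Constructed sample in the layout of `tmsh list net self` output
# (assumed layout; names and addresses are made up, not from a real device).
SAMPLE = """\
net self internal_self {
    address 10.1.20.245/24
    allow-service {
        default
    }
    vlan internal
}
net self external_self {
    address 10.1.10.245/24
    allow-service {
        tcp:443
    }
    vlan external
}
net self manual_self {
    address 10.1.30.245/24
    vlan dmz
}
"""

# Assumed mapping from allow-service values to the GUI port lockdown labels.
LABELS = {(): "Allow None", ("all",): "Allow All", ("default",): "Allow Default"}

def port_lockdown(listing):
    """Return {self_ip_name: (label, [services])} for each 'net self' stanza."""
    result = {}
    # A stanza ends at the first '}' in column 0; nested braces are indented.
    for name, body in re.findall(r"^net self (\S+) \{\n(.*?)^\}", listing, re.M | re.S):
        block = re.search(r"allow-service \{(.*?)\}", body, re.S)
        inline = re.search(r"allow-service (\S+)", body)
        if block:
            services = block.group(1).split()
        elif inline and inline.group(1) != "none":
            services = [inline.group(1)]
        else:
            services = []  # attribute absent or "none": nothing is allowed
        result[name] = (LABELS.get(tuple(services), "Allow Custom"), services)
    return result

if __name__ == "__main__":
    for name, (label, services) in port_lockdown(SAMPLE).items():
        print(f"{name}: {label} {services}")
```
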