Port-Lockdown Question
I am studying for the 201 exam, and I am in doubt about the Port-Lockdown configuration. The SOL12250 says: http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13250.html Default port lockdown setting: When creating a self IP address using the Configuration utility, the default port lockdown setting in BIG-IP 10.x is Allow Default. When creating Self IP addresses using the bigpipe or tmsh utilities, the default port lockdown setting in BIG-IP 10.x is Allow None. In BIG-IP 11.x, the default port lockdown setting is Allow None.
However, when I am setting up the BIG-IP Self-IPs the Internal Interface default permission is set as "Allow Default" and on the external interface it is set to Allow 443 by default, which does not match to what the SOL is mentioning. I am using the 11.4.1 Build 647 HF4 on the vLab. Even the official training manual says that the default on external VLAN self-ip is 443 (https). Port 22 is not allowed on the external VLAN unless explicitly specified with "Allow Custom" What is actually correct? what the SOL says or what the training manual teaches?