Forum Discussion
Assuming you are talking about LTM Virtual Servers, it is useful to distinguish two concepts: a Virtual IP and a Virtual Server. A Virtual IP is just that: an IP address for which the BIG-IP may accept traffic. A Virtual Server is a Virtual IP, a port and a protocol. A BIG-IP will reject all traffic that matches a VIP but does not match a Virtual Server -- unless you change the global setting for this, but you have to go out of your way to do that. If, on the other hand, a wildcard VS (that is, a Virtual Server listening on all ports) is defined for a VIP, naturally, traffic for any port will be accepted. Finally, if a VIP matches a self-IP, the self-IP may accept local traffic. But you should avoid this type of configuration.
Ordinarily you should not need an iRule or something similar to prevent traffic.
- Sree_87068 (Nimbostratus), Apr 27, 2016: Thanks for your response. Apologies for not being clear in my query. I am referring to a Virtual Server. Currently the Virtual Server is defined as VIP:25 (TCP) and VIP:53 (UDP) on LTM running Ver 10.2.4. But during the scan it's been found that the same VIP is also accepting on VIP:161 (TCP) and VIP:8080. As per my understanding, the traffic must be dropped by LTM when traffic is destined to the VIP on a port which is not defined. Please do correct me if I am wrong.
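
The following is an added example, not part of the original thread and not F5 code: a small triage helper that sorts scanner findings into the three cases the answer describes (specific Virtual Server, wildcard Virtual Server, VIP that is also a self-IP). The address `192.0.2.10`, the function name, the use of port 0 for "all ports", and TCP for port 8080 are assumptions made for the sample data.

```python
from ipaddress import ip_address

WILDCARD_PORT = 0  # assumption of this model: port 0 means "listening on all ports"


def classify_open_ports(vip, virtual_servers, self_ips, scan_hits):
    """Return {(port, proto): reason} for every port a scan reported open on vip.

    virtual_servers: iterable of (address, port, proto) taken from the device config
    self_ips:        iterable of self-IP addresses configured on the device
    scan_hits:       iterable of (port, proto) reported open by the scanner
    """
    vip = ip_address(vip)
    # Listeners defined on this VIP, normalised to (port, proto).
    on_vip = {(int(port), proto.lower())
              for addr, port, proto in virtual_servers
              if ip_address(addr) == vip}
    vip_is_self_ip = any(ip_address(s) == vip for s in self_ips)

    result = {}
    for port, proto in scan_hits:
        key = (int(port), proto.lower())
        if key in on_vip:
            reason = "virtual-server"            # VIP + port + protocol all match
        elif (WILDCARD_PORT, key[1]) in on_vip:
            reason = "wildcard-virtual-server"   # all-ports listener on this VIP
        elif vip_is_self_ip:
            reason = "self-ip"                   # self-IP may accept local traffic
        else:
            # Per the answer this traffic should be rejected unless the global
            # setting was changed, so this finding needs investigation.
            reason = "unexplained"
        result[key] = reason
    return result


# Constructed sample data mirroring the ports mentioned in the thread.
VIP = "192.0.2.10"
VIRTUAL_SERVERS = [(VIP, 25, "tcp"), (VIP, 53, "udp")]
SCAN_HITS = [(25, "tcp"), (53, "udp"), (161, "tcp"), (8080, "tcp")]

if __name__ == "__main__":
    findings = classify_open_ports(VIP, VIRTUAL_SERVERS, ["192.0.2.1"], SCAN_HITS)
    for (port, proto), reason in sorted(findings.items()):
        print(f"{VIP}:{port}/{proto}: {reason}")
```

Feed it the full Virtual Server and self-IP lists exported from the device; any port left as `unexplained` is not accounted for by the configuration supplied.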