Can the IP address of activate.f5.com change? A customer of mine allows their ASM to access the site by IP address in their firewall for signature updates, but a couple of months ago the address changed.
Does anyone know if this is a regular occurrence, or can I reasonably rely on the current address remaining the same? If not, does anyone know what the possible addresses are?
I'll check with IT on activate.f5.com and callhome.f5.com and get back to you. I assume we're using multiple carriers and/or dynamically resolving the hostnames via GTM but will let you know. Hopefully we can provide a full list of all possible IPs and an idea of whether/how frequently they could change.
I'd suggest you consider scripting an update though to the ACL based on the current resolution of the hostnames if that's something your firewall can accommodate.
Edit: I have a ticket open with IT. I'll let you know what I get back.
It looks like a different IP address. Now, i get 22.214.171.124.
In the last years, I changed the IP one more time. From 126.96.36.199 to 188.8.131.52.
I dont know, why they do something like that. Its no nice way. And there was no informations about that.
I have no experience with ASM updates - do you have the capability to configure the endpoint for the updates, or is that hard-coded to activate.f5.com?
One could use whois on a couple of the different IP addresses you've found above to get the full ranges.
there exists a solution paper for the IP addresses: SOL15202
IP addresses for F5 services are documented in article K15202
Look here if you want to know what addresses and ports to allow through your firewall to access activate.f5.com, callhome.f5.com, ihealth etc.
As at today, you really need to allow access to 184.108.40.206/21:443 for any of these.