Luca_55898
Feb 08, 2013
Nimbostratus
Brand new GTM deployment
Hi,
I'm deploying two brand new GTMs, one in each DC.
I have configured synchronization groups using the external (public) self IP on each GTM.
The port lockdown settings for each self IP are just 'allow default', but I'd like to tighten this up since I don't need to have management access from the external self IP.
So if I define a customized port lockdown list, what exactly do I need to have allowed so the two GTMs can sync their config and monitor each other?
Obviously TCP/UDP 4353 is needed,
but what else?
Also - is it an OK design to have the two GTMs synchronizing their config over the public internet?
I could do it internally; however, it seems better to do it over the internet since they are more or less public internet DNS servers.
Thanks!