eesun_276598
Nov 28, 2017 Cirrus
What is port lockdown?
Hi, I am setting up F5 VE, and I came across "Port Lockdown" when setting up the utility and the external VLAN interface for the floating IP. What is port lockdown? How do I configure it? Thank you.
Port Lockdown controls what types of connections will be allowed to the self IP based on protocol and port. You can find a great overview of Port Lockdown behavior here, along with recommendations on how best to use this feature.
eesun,
F5 publishes a K article describing this in great detail. https://support.f5.com/csp/article/K17333
In short, it is a security feature associated with self-IPs that allows you to control what ports and protocols are permitted. I do not know your specific scenario, but a self-IP associated with an external VLAN would probably not be something you would want to set up with a port lockdown of, say, "allow-default", as that would expose TMUI management. You may want to set something like that to "allow none" or customize the ports allowed. For example, if you are using GTM/DNS and you need the GTM/DNS iQuery functionality to your self-IP on VLAN external, then you would use "allow custom" to specify ports and protocols to allow. I hope this helps!
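The check suggested in the answers above can be automated. The following is an added example, not code from the posters or from F5: it parses self IP definitions and flags those on an exposed VLAN whose port lockdown is "default" or "all". The sample text, the self IP names and the assumption that the configuration looks like `tmsh list net self` output with an `allow-service` property are constructed for illustration.

```python
import re

# Constructed sample in the assumed style of `tmsh list net self` output.
# tcp:4353 is the iQuery port; a self IP with no allow-service line is "none".
SAMPLE = """\
net self external_self {
    address 203.0.113.10/24
    allow-service {
        default
    }
    vlan external
}
net self external_float {
    address 203.0.113.12/24
    allow-service {
        tcp:4353
    }
    vlan external
}
net self internal_self {
    address 10.0.0.10/24
    allow-service all
    vlan internal
}
net self dmz_self {
    address 198.51.100.10/24
    vlan dmz
}
"""

def parse_self_ips(text):
    """Return {name: {"vlan": str or None, "allow": [entries]}} per self IP."""
    result = {}
    for m in re.finditer(r"^net self (\S+) \{\n(.*?)^\}", text, re.S | re.M):
        name, body = m.group(1), m.group(2)
        vlan = re.search(r"^\s+vlan (\S+)", body, re.M)
        block = re.search(r"allow-service \{(.*?)\}", body, re.S)   # default/custom
        inline = re.search(r"allow-service (\S+)$", body, re.M)     # e.g. "all"
        allow = (block.group(1).split() if block
                 else [inline.group(1)] if inline else ["none"])
        result[name] = {"vlan": vlan.group(1) if vlan else None, "allow": allow}
    return result

def risky(self_ips, exposed_vlans):
    """Names of self IPs on exposed VLANs that allow 'default' or 'all'."""
    return sorted(n for n, s in self_ips.items()
                  if s["vlan"] in exposed_vlans
                  and set(s["allow"]) & {"default", "all"})
```

A flagged self IP can then be tightened with `tmsh modify net self <name> allow-service none`, or with `allow-service replace-all-with { tcp:4353 }` when only iQuery is needed.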