GTM / DNS Delivery - Set an exception group of local ports to avoid - Reselect if port matched

Question

This is a unique issue and this solution will not be a permanent one but we have a security agent that is erroneously flagging GTM traffic being balanced to our MS DNS servers. When certain ports are used as the local port by GTM, the security agent on the DCs analyzes this traffic as related to an exploit and locks up DNS. The correct action would be to configure an exception in the agent, but as these agents are not managed by us, this will take some time to coordination. In the interim, I need to create an iRule that leverages a data group contained a list of port numbers that GTM cannot use. If GTM allocates one of these ports as the local port, the irule match should cause GTM to perform a reselect.&nbsp;
My pseudo code kind of looks like this:&nbsp;
when LB_SELECTED
     if GTM local port matches data group DATAGROUP
     reselect&nbsp;
Can this be done with GTM? Is there a better way to do this?       &nbsp;

eric_haupt1 · Answer

Currently testing a data group of integers that contain the ports to avoid. Then parsing against the group with this code:&nbsp;when LB_SELECTED {
       if { [class match [UDP::local_port] equals hbss-port-exception] } {
       LB::reselect
  }
}

Forum Discussion

GTM / DNS Delivery - Set an exception group of local ports to avoid - Reselect if port matched

1 Reply

Recent Discussions

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

Related Content

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery

except ip from asm logging

Redirect all request except few path

GitOps: Declarative Infrastructure and Application Delivery with NGINX App Protect

What is an Application Delivery Controller - Part I