Bug ID 624679: Managed devices were marked unavailable intermittently

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IQ Platform(all modules)

Known Affected Versions:
5.0.0, 5.0.0 HF1, 5.4.0 HF1, 5.4.0 HF2, 5.1.0

Opened: Oct 25, 2016

Severity: 2-Critical

Symptoms

Firewall rules intended to restrict access to an ant daemon running on the system might incorrectly interfere with managed device traffic generated by the BIG-IQ system on port 54321.

Impact

This may result in managed devices being incorrectly marked unavailable.

Conditions

The BIG-IQ system's connection to a managed device uses source port 54321.

Workaround

As a workaround, add the following iptables commands to the '/config/startup' script and reboot the BIG-IQ system (or run the commands once manually). They replace the firewall rule that rejects every TCP packet addressed to port 54321 with one that rejects only new inbound connection attempts (packets with SYN set and ACK clear), so reply packets belonging to connections that BIG-IQ itself opened from source port 54321 are no longer rejected:

    /sbin/iptables -D INPUT -p tcp --dport 54321 -j REJECT --reject-with icmp-port-unreachable
    /sbin/iptables -D INPUT -p tcp -m tcp --dport 54321 --tcp-flags ACK,SYN SYN -j REJECT --reject-with tcp-reset
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 54321 --tcp-flags ACK,SYN SYN -j REJECT --reject-with tcp-reset

The first command deletes the original rule, the second deletes any existing copy of the replacement rule so it is not added twice, and the third appends the replacement rule. Confirm the resulting INPUT chain with '/sbin/iptables -S INPUT'.
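As an added illustration (not part of the F5 advisory), the following Python models how the original and replacement INPUT rules match packets, using constructed packets and assuming the managed device side of BIG-IQ's connection is port 443:

```python
# Added example, not F5's code: models how the original and replacement
# INPUT rules from the workaround match packets, to show why the replacement
# stops rejecting return traffic of connections BIG-IQ itself opened.
from dataclasses import dataclass

DAEMON_PORT = 54321  # port the rule guards (from the advisory)
REMOTE_PORT = 443    # assumption: port BIG-IQ connects to on the managed device

@dataclass(frozen=True)
class Packet:
    """Constructed summary of an inbound TCP packet: ports and the two flags that matter."""
    sport: int
    dport: int
    syn: bool
    ack: bool

def tcp_flags_match(pkt: Packet, mask: set, comp: set) -> bool:
    """iptables '--tcp-flags MASK COMP': of the flags in MASK, exactly those in COMP are set."""
    flags = {"SYN": pkt.syn, "ACK": pkt.ack}
    return all(flags[f] == (f in comp) for f in mask)

def original_rule_rejects(pkt: Packet) -> bool:
    """'-p tcp --dport 54321 -j REJECT': every TCP packet addressed to port 54321."""
    return pkt.dport == DAEMON_PORT

def replacement_rule_rejects(pkt: Packet) -> bool:
    """'-p tcp --dport 54321 --tcp-flags ACK,SYN SYN -j REJECT': only new-connection SYNs."""
    return pkt.dport == DAEMON_PORT and tcp_flags_match(pkt, {"ACK", "SYN"}, {"SYN"})

# Constructed traffic arriving at the BIG-IQ INPUT chain:
# a host elsewhere trying to open a connection to the guarded daemon ...
INBOUND_CONNECT = Packet(sport=40000, dport=DAEMON_PORT, syn=True, ack=False)
# ... versus the SYN-ACK and later data a managed device returns when the
# connection BIG-IQ opened to it happened to use ephemeral source port 54321.
MANAGED_DEVICE_REPLY = Packet(sport=REMOTE_PORT, dport=DAEMON_PORT, syn=True, ack=True)
MANAGED_DEVICE_DATA = Packet(sport=REMOTE_PORT, dport=DAEMON_PORT, syn=False, ack=True)

def compare_rules(packets: dict) -> dict:
    """Map each packet name to (rejected by original rule, rejected by replacement rule)."""
    return {name: (original_rule_rejects(p), replacement_rule_rejects(p))
            for name, p in packets.items()}

if __name__ == "__main__":
    sample = {"inbound connect": INBOUND_CONNECT, "device reply": MANAGED_DEVICE_REPLY,
              "device data": MANAGED_DEVICE_DATA}
    for name, (old, new) in compare_rules(sample).items():
        print(f"{name:16} original rejects={old!s:5} replacement rejects={new}")
```

Both rules still reject the new inbound connection attempt; only the original rule also rejects the managed device's SYN-ACK and data, which is the traffic that caused devices to be marked unavailable.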

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips