skip to Main Content
F5 Internet Access Permissions

In F5 BIG-IP and BIG-IQ systems, the necessary internet permissions must be given on the firewall for services that need access to the outside world, such as license activation, firmware download, automatic signature updates.
Permissions can be given as IP address range or hostname. It should be taken into account that IP address ranges may change.

Host name IP address range
(network address/mask bits)
Service/port Service
activate.f5.com 104.219.104.0/21 HTTPS / 443 BIG-IP license activation
BIG-IQ license activation
BIG-IP Automatic Update Check
BIG-IP Automatic Phone Home
api.f5.com 104.219.104.0/21 HTTPS / 443 BIG-IP Automatic Phone Home
Uploads to BIG-IP iHealth
BIG-IQ license usage reporting
callhome.f5.com 104.219.104.0/21 HTTPS / 443 BIG-IP ASM attack signature updates
BIG-IP Automatic Update Check
BIG-IP FPS malware and fraud signature updates
downloads.f5.com 104.219.104.0/21 HTTPS / 443 BIG-IP ISO product and hotfix downloads
BIG-IP ASM attack signature updates
ihealth-api.f5.com 104.219.104.0/21 HTTPS / 443 Uploads to BIG-IP iHealth
login.f5.com 104.219.104.0/21
107.162.185.48
HTTPS / 443 F5 Technical Support portal login including BIG-IP iHealth
supportfiles.f5.com 104.219.104.154
104.219.105.154
104.219.106.154
104.219.107.154
104.219.110.154
104.219.111.154
HTTP / 80
HTTPS / 443
SSH / 22
Uploads to F5 Technical Support
securefiles.f5.com 104.219.104.0/21
107.162.232.131
HTTPS / 443
SSH / 22
Uploads to F5 Technical Support
product.apis.f5.com 35.199.173.84 HTTPS / 443 BIG-IQ usage data collection
downloads-ire-f5.s3.eu-
west-1.amazonaws.com
F5 related products downloads from AWS Ireland

IP Address Intelligence Service Access Permissions

If the IP Address Intelligence Service (IPI) service is used, internet permissions must be given on the firewall in order for the iprepd service to receive database updates automatically.

BIG-IP version IPI Subscription service update server
BIG-IP 15.1.6, 16.1.3, 17.0.0, and later api.bcti.brightcloud.com (default)
localdb-ip-daily.brightcloud.com (base file)
localdb-ip-rtu.brightcloud.com (updates)
localdb-ipv6-daily.brightcloud.com (IPv6 updates)
BIG-IP 15.1.4 and later for BIG-IP 15.1.x branch api.bcti.brightcloud.com (default)
localdb-ip-daily.brightcloud.com (base file)
localdb-ip-rtu.brightcloud.com (updates)
BIG-IP 13.1.0 and later (excluding BIG-IP 15.1.4.x) vector2.brightcloud.com
BIG-IP versions prior to BIG-IP 13.1.0 vector.brightcloud.com

If it is desired to be allowed as an IP, the IP address of the services can be resolved with the nslookup command. It should be noted that IP addresses may change.

nslookup <IPI Subscription service update server>

This Post Has 0 Comments

Leave a Reply

Your email address will not be published.

WAF Selection and Deployment Methods

We are pleased to share the recording of our webinar…

Read more
Back To Top