In F5 BIG-IP and BIG-IQ systems, the necessary internet permissions must be given on the firewall for services that need access to the outside world, such as license activation, firmware download, automatic signature updates.
Permissions can be given as IP address range or hostname. It should be taken into account that IP address ranges may change.
Host name
IP address range
(network address/mask bits)Service/port
Service
activate.f5.com
104.219.104.0/21
HTTPS / 443
BIG-IP license activation
BIG-IQ license activation
BIG-IP Automatic Update Check
BIG-IP Automatic Phone Home
api.f5.com
104.219.104.0/21
HTTPS / 443
BIG-IP Automatic Phone Home
Uploads to BIG-IP iHealth
BIG-IQ license usage reporting
callhome.f5.com
104.219.104.0/21
HTTPS / 443
BIG-IP ASM attack signature updates
BIG-IP Automatic Update Check
BIG-IP FPS malware and fraud signature updates
downloads.f5.com
104.219.104.0/21
HTTPS / 443
BIG-IP ISO product and hotfix downloads
BIG-IP ASM attack signature updates
ihealth-api.f5.com
104.219.104.0/21
HTTPS / 443
Uploads to BIG-IP iHealth
login.f5.com
104.219.104.0/21
107.162.185.48HTTPS / 443
F5 Technical Support portal login including BIG-IP iHealth
supportfiles.f5.com
104.219.104.154
104.219.105.154
104.219.106.154
104.219.107.154
104.219.110.154
104.219.111.154HTTP / 80
HTTPS / 443
SSH / 22Uploads to F5 Technical Support
securefiles.f5.com
104.219.104.0/21
107.162.232.131HTTPS / 443
SSH / 22Uploads to F5 Technical Support
product.apis.f5.com
35.199.173.84
HTTPS / 443
BIG-IQ usage data collection
downloads-ire-f5.s3.eu-
west-1.amazonaws.com
F5 related products downloads from AWS Ireland
IP Address Intelligence Service Access Permissions
If the IP Address Intelligence Service (IPI) service is used, internet permissions must be given on the firewall in order for the iprepd service to receive database updates automatically.
| BIG-IP version | IPI Subscription service update server |
| BIG-IP 15.1.6, 16.1.3, 17.0.0, and later | api.bcti.brightcloud.com (default) localdb-ip-daily.brightcloud.com (base file) localdb-ip-rtu.brightcloud.com (updates) localdb-ipv6-daily.brightcloud.com (IPv6 updates) |
| BIG-IP 15.1.4 and later for BIG-IP 15.1.x branch | api.bcti.brightcloud.com (default) localdb-ip-daily.brightcloud.com (base file) localdb-ip-rtu.brightcloud.com (updates) |
| BIG-IP 13.1.0 and later (excluding BIG-IP 15.1.4.x) | vector2.brightcloud.com |
| BIG-IP versions prior to BIG-IP 13.1.0 | vector.brightcloud.com |
If it is desired to be allowed as an IP, the IP address of the services can be resolved with the nslookup command. It should be noted that IP addresses may change.
This Post Has 0 Comments