...
Table1-1: Port requirements for LCP communication.
Source | Destination | Port | Description |
F5 BIG-IP AFM | LCP | 514 (UDP) or 601 (TCP) | Default port |
Configuring F5 BIG-IP AFM
...
6. In the Service Port field, type a service number or select a service name from the list.
...
Note: Ensure that you have configured the correct remote logging port.
...
Table 1-2: The F5 BIG IP AFM event collector (3753 - Syslog) properties to be configured by MDR are shown in the table.
Property | Default Value | Description |
Protocol | UDP | The default protocol for syslog. The collector can also accept logs in TCP. Note: While TCP offers guaranteed delivery of log packets, it places a larger overhead on the LCP. To balance TCP for reliability over UDP for speed/simplicity, contact the MDR onboarding team. |
IP Address | F5 BIG IP AFM IP Address | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact the MDR onboarding team. |
Signatures | F5 | Advanced Firewall Module, F5 | PSM | MDR recommended signatures processed by the F5 BIG IP AFM event collector. |
Port Number | 514 | The default port for UDP. For TCP, the default port is 601. Note: The LCP can be configured to listen on a non-standard port. Please advise the MDR onboarding team if this is a requirement. |