Manual Chapter : Managing Port Lists

Applies To:

BIG-IQ Centralized Management

  • 7.1.0
Managing Port Lists

About port lists

Port lists are collections of ports, port ranges, or port lists that can be assigned to firewall rules.
Firewall rules use port lists to allow or deny access to specific ports in IP packets. They compare a packet's source port and/or destination port with the ports in a port list. If there is a match, the rule takes an action, such as accepting or dropping the packet. Port lists must contain at least one entry. You cannot create an empty port list; you cannot remove an entry in a port list if it is the only one.
Before nesting a port list inside a port list, check to be sure this option is supported on the BIG-IP device where you intend to deploy the port list.
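
The matching behavior described above can be checked offline before a list is assigned to a rule. The following is an added example, not BIG-IQ code: it models port, port range, and nested port list entries as Python tuples (an assumed representation, not the BIG-IQ API or its CSV format), flattens nested lists into merged ranges, and rejects empty lists, unknown references, and cyclic nesting.

```python
# Added illustration: a local model of port lists, not BIG-IQ's API or CSV format.
# Entry shapes (assumed): ("port", n), ("range", lo, hi), ("list", name).

def resolve(name, lists, _stack=()):
    """Flatten a port list, following nested lists, into sorted merged (lo, hi) ranges."""
    if name in _stack:
        raise ValueError("cyclic nesting: " + " -> ".join(_stack + (name,)))
    if name not in lists:
        raise ValueError(f"unknown port list: {name}")
    entries = lists[name]
    if not entries:  # a port list must contain at least one entry
        raise ValueError(f"port list {name!r} has no entries")
    spans = []
    for entry in entries:
        kind = entry[0]
        if kind == "port":
            spans.append((entry[1], entry[1]))
        elif kind == "range":
            spans.append((entry[1], entry[2]))
        elif kind == "list":
            spans.extend(resolve(entry[1], lists, _stack + (name,)))
        else:
            raise ValueError(f"{name}: unknown entry type {kind!r}")
    for lo, hi in spans:  # assumed valid port numbers: 1..65535, start <= end
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"{name}: invalid port span {lo}-{hi}")
    merged = []
    for lo, hi in sorted(spans):  # merge overlapping or adjacent spans
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def matches(port, name, lists):
    """True if a packet's source or destination port falls in the resolved list."""
    return any(lo <= port <= hi for lo, hi in resolve(name, lists))

# Constructed sample data.
SAMPLE = {
    "web": [("port", 80), ("port", 443), ("range", 8080, 8090)],
    "mgmt": [("port", 22), ("range", 8085, 8100)],
    "allowed": [("list", "web"), ("list", "mgmt")],
}
```

Resolving `allowed` shows the effective port set a rule would match once nesting is expanded, which makes overlapping entries such as 8080-8090 and 8085-8100 visible as one span.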

Create port lists

You create port lists so that you can use them when creating firewall rules.
  1. Click Configuration > SECURITY > Network Security > Port Lists.
  2. Click Create.
    The New Port List screen opens.
  3. On the left, click Properties and specify the settings for the port list.
    1. In the Name setting, type a unique name for the port list.
    2. In the Description setting, type an optional description for the port list.
    3. In the Partition setting, type a different partition if needed. The Common partition is the default.
  4. On the left, click Ports.
    You must supply at least one entry in the port list, such as a port, port list, or port range.
    The screen displays a blank port entry template for you to complete.
  5. In the Type column, supply the type of port entry to add to the port list.
    • To add a single port, select Port.
    • To add a port list, select Port List.
    • To add a range of ports, select Port Range.
    Before nesting a port list inside a port list, check that this option is supported on the specific version of your BIG-IP device.
  6. In the Ports column, supply the port details for the port type you selected.
    • If you selected Port as the type, type a port number.
    • If you selected Port List as the type, select the name of the port list.
    • If you selected Port Range as the type, type the beginning and ending port numbers.
  7. In the Description column, provide an optional meaningful description of the port entry.
  8. To add more than one port entry to the port list, click the + in the Add/Remove column, and provide the details.
    Click Update to update and save the port entry you are currently editing.
  9. Continue to add or delete ports until the port list is complete.
  10. Click Save to save your work on the port list.

Edit port lists

You edit port lists to change the properties of the port list, or to add, modify, or remove port entries from the port list, or both.
  1. Click Configuration > SECURITY > Network Security > Port Lists.
  2. Click the name of the port list to edit.
  3. If you are modifying the port list description, click Properties, and type or modify the Description setting.
    Only the description property can be modified.
  4. If you are modifying the port entries, on the left, click Ports.
  5. Add, modify, or delete port entries in the port list.
    • To modify a port entry, click the pencil icon in that row.
    • To delete a port entry, click X in the Add/Remove column.
    • To add a port entry, click + in the Add/Remove column.
    A port list must contain at least one port entry.
  6. If you are adding or modifying a port entry, supply or modify the settings.
  7. In the Type column, supply the type of port entry to add to the port list.
    • To add a single port, select Port.
    • To add a port list, select Port List.
    • To add a range of ports, select Port Range.
    Before nesting a port list inside a port list, check that this option is supported on the specific version of your BIG-IP device.
  8. In the Ports column, supply the port details for the port type you selected.
    • If you selected Port as the type, type a port number.
    • If you selected Port List as the type, select the name of the port list.
    • If you selected Port Range as the type, type the beginning and ending port numbers.
  9. In the Description column, provide an optional meaningful description of the port entry.
  10. Continue to add, modify, or delete port entries in the port list until the port list is complete.
  11. Save your work.

Clone port lists

You can clone a port list to create a copy of it, which you can then edit.
  1. Click Configuration > SECURITY > Network Security > Port Lists.
    The Port Lists screen opens.
  2. Click the check box next to the port list you want to clone.
  3. Click Clone.
    A copy of that port list is created with the same name, but with -CLONE appended to the name and a blank Description field.
  4. Change the port list as needed.
  5. Save your work.
The new port list is defined and you can now assign it to a firewall rule.

Rename port lists

You rename a port list when you want to make that name more accurate or distinct. Renaming a port list causes a new port list to be created and the old port list to be deleted in a single transaction. All references to the old port list are updated to refer to the renamed port list.
  1. Click Configuration > SECURITY > Network Security > Port Lists.
  2. Select the check box next to the port list to rename.
  3. Click Rename.
    A dialog box displays.
  4. Enter the new name in the dialog box and click Save.
    The BIG-IQ system shows the status of the renaming operation in the dialog box.
  5. Click Close to exit the dialog box.
The port list has been renamed.

Deploy port lists

For a quicker deployment, you can do a partial deployment of only the port list portion of a configuration instead of deploying the entire configuration.
  1. Click Configuration > SECURITY > Network Security > Port Lists.
    The Port Lists screen opens.
  2. Click the check box next to the port list you want included in the partial deployment.
  3. Click Deploy.
The system displays the selected port list, with options for partial deployment selected.
Continue the partial deployment process.

Delete port lists

You can delete port lists that you no longer use to avoid confusion in the user interface.
  1. Click Configuration > SECURITY > Network Security > Port Lists.
    The Port Lists screen opens.
  2. Click the check box next to the port list to delete.
  3. Click Delete.
  4. In the confirmation dialog box that opens, click Delete to confirm the removal.

Export port lists

Before you can import address lists, you must have the permissions of the Network Security Editor user role.
You can export port lists from a production BIG-IQ to replicate the system in your lab so you can troubleshoot network firewall issues efficiently.
  1. At the top of the screen, click Configuration then, on the left, click SECURITY > Network Security > Network Firewall > Port Lists.
  2. Select Export and confirm your selection in the popup window.
    The export process might take about a minute, depending on the size of the port list. There is no maximum number of port lists you may export. You can cancel the export process at any time during the file conversion by selecting Cancel in the popup window.
    BIG-IQ generates a CSV file containing the port lists, which is downloaded to your local machine.
Once the port lists are compiled into a CSV file, you can load this file into an editor of your choice in your environment for troubleshooting.

Import port lists

Before you can import address lists, you must have the permissions of the Network Security Editor user role.
You can create port list entries in a text editor on your local machine and import them as a CSV file into BIG-IQ to save the time of manual entry.
  1. At the top of the screen, click Configuration then, on the left, click SECURITY > Network Security > Network Firewall > Port Lists.
  2. Select Import and confirm your selection in the popup screen.
    The import process might take about a minute, depending on the number of port lists you are importing. There is no maximum number of port lists you may import. You can close the import popup screen once you finish by selecting Cancel.
    BIG-IQ populates the Port Lists page with your data.
Once the port lists are imported into BIG-IQ, you can view, clone, delete, deploy, and rename the lists from BIG-IQ, as well as view and edit individual ports within each list.