Manual Chapter: Managing Port Lists
Applies To: BIG-IQ Centralized Management 7.1.0
About port lists
Port lists are collections of ports, port ranges, or port lists that can be assigned to firewall rules. Firewall rules use port lists to allow or deny access to specific ports in IP packets. They compare a packet's source port and/or destination port with the ports in a port list. If there is a match, the rule takes an action, such as accepting or dropping the packet. Port lists must contain at least one entry. You cannot create an empty port list; you cannot remove an entry in a port list if it is the only one.
Before nesting a port list inside a port list, check to be sure this option is supported on the BIG-IP device where you intend to deploy the port list.
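The matching and nesting behavior described above can be sketched as follows. This is an added example, not BIG-IQ or BIG-IP code: the dictionary model, the names `resolve` and `evaluate`, the 1-65535 port bounds, and the "every configured side must match" rule shape are assumptions made for illustration.

```python
# Added illustration: a hypothetical in-memory model, not BIG-IQ's data format or API.
from typing import Dict, List, Optional, Set, Tuple, Union

Entry = Union[int, Tuple[int, int], str]  # port, (start, end) range, or nested list name

# Constructed sample data.
LISTS: Dict[str, List[Entry]] = {
    "web": [80, 443, (8080, 8090)],
    "mgmt": [22, "web"],            # nests the "web" port list
    "loop_a": ["loop_b"],
    "loop_b": ["loop_a"],           # circular nesting, must be rejected
    "empty": [],                    # violates the "at least one entry" rule
}
RULE = {"src": None, "dst": "mgmt", "action": "drop"}  # constructed sample rule

def resolve(name: str, lists: Dict[str, List[Entry]], stack: Tuple[str, ...] = ()) -> Set[int]:
    """Flatten a port list, following nested lists, into a set of port numbers."""
    if name in stack:
        raise ValueError("circular nesting: " + " -> ".join(stack + (name,)))
    if name not in lists:
        raise ValueError(f"unknown port list: {name}")
    if not lists[name]:
        raise ValueError(f"port list {name!r} is empty")
    ports: Set[int] = set()
    for entry in lists[name]:
        if isinstance(entry, str):                      # nested port list
            ports |= resolve(entry, lists, stack + (name,))
        elif isinstance(entry, tuple):                  # port range, inclusive
            start, end = entry
            if not 1 <= start <= end <= 65535:          # assumed valid bounds
                raise ValueError(f"bad range {start}-{end} in {name!r}")
            ports.update(range(start, end + 1))
        elif isinstance(entry, int) and 1 <= entry <= 65535:
            ports.add(entry)
        else:
            raise ValueError(f"bad port {entry!r} in {name!r}")
    return ports

def evaluate(rule: dict, src_port: int, dst_port: int,
             lists: Dict[str, List[Entry]]) -> Optional[str]:
    """Return the rule's action if every configured side matches, else None."""
    for side, port in (("src", src_port), ("dst", dst_port)):
        name = rule.get(side)
        if name is not None and port not in resolve(name, lists):
            return None
    return rule["action"]
```

Flattening a list this way before deployment shows the full set of ports a rule will act on once nested lists are expanded, which is easy to misjudge from the top-level entries alone.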
Create port lists
You create port lists so that you can use them when creating firewall rules.
- Click.
- Click Create. The New Port List screen opens.
- On the left, click Properties and specify the settings for the port list.
  - In the Name setting, type a unique name for the port list.
  - In the Description setting, type an optional description for the port list.
  - In the Partition setting, type a different partition if needed. The Common partition is the default.
- On the left, click Ports. You must supply at least one entry in the port list, such as a port, port list, or port range. The screen displays a blank port entry template for you to complete.
- In the Type column, supply the type of port entry to add to the port list.
  - To add a single port, select Port.
  - To add a port list, select Port List.
  - To add a range of ports, select Port Range.
  Before nesting a port list inside a port list, check that this option is supported on the specific version of your BIG-IP device.
- In the Ports column, supply the port details for the port type you selected.
  - If you selected Port as the type, type a port number.
  - If you selected Port List as the type, select the name of the port list.
  - If you selected Port Range as the type, type the beginning and ending port numbers.
- In the Description column, provide an optional meaningful description of the port entry.
- To add more than one port entry to the port list, click the + in the Add/Remove column, and provide the details. Click Update to update and save the port entry you are currently editing.
- Continue to add or delete ports until the port list is complete.
- Click Save to save your work on the port list.
Edit port lists
You edit port lists to change the properties of the port list, or to add, modify, or remove port entries from the port list, or both.
- Click.
- Click the name of the port list to edit.
- If you are modifying the port list description, click Properties, and type or modify the Description setting. Only the description property can be modified.
- If you are modifying the port entries, on the left, click Ports.
- Add, modify, or delete port entries in the port list.
  - To modify a port entry, click the pencil icon in that row.
  - To delete a port entry, click X in the Add/Remove column.
  - To add a port entry, click + in the Add/Remove column.
  A port list must contain at least one port entry.
- If you are adding or modifying a port entry, supply or modify the settings.
- In the Type column, supply the type of port entry to add to the port list.
  - To add a single port, select Port.
  - To add a port list, select Port List.
  - To add a range of ports, select Port Range.
  Before nesting a port list inside a port list, check that this option is supported on the specific version of your BIG-IP device.
- In the Ports column, supply the port details for the port type you selected.
  - If you selected Port as the type, type a port number.
  - If you selected Port List as the type, select the name of the port list.
  - If you selected Port Range as the type, type the beginning and ending port numbers.
- In the Description column, provide an optional meaningful description of the port entry.
- Continue to add, modify, or delete port entries in the port list until the port list is complete.
- Save your work.
Clone port lists
You can clone a port list to create a copy of it, which you can then edit.
- Click. The Port Lists screen opens.
- Click the check box next to the port list you want to clone.
- Click Clone. A copy of that port list is created with the same name, but with -CLONE appended to the name and a blank Description field.
- Change the port list as needed.
- Save your work.
The new port list is defined and you can now assign it to a firewall rule.
Rename port lists
You rename a port list when you want to make that name more accurate or distinct. Renaming a port list causes a new port list to be created and the old port list to be deleted in a single transaction. All references to the old port list are updated to refer to the renamed port list.
- Click.
- Select the check box next to the port list to rename.
- Click Rename. A dialog box displays.
- Enter the new name in the dialog box and click Save. The BIG-IQ system shows the status of the renaming operation in the dialog box.
- Click Close to exit the dialog box.
The port list has been renamed.
Deploy port lists
If you want to do a quicker deployment by only deploying the port list portion of a configuration, you can do a partial deployment of the port list, instead of deploying the entire configuration.
- Click. The Port Lists screen opens.
- Click the check box next to the port list you want included in the partial deployment.
- Click Deploy.
The system displays the selected port list, with options for partial deployment selected.
Continue the partial deployment process.
Delete port lists
You can delete port lists that you no longer use to avoid confusion in the user interface.
- Click. The Port Lists screen opens.
- Click the check box next to the port list to delete.
- Click Delete.
- In the confirmation dialog box that opens, click Delete to confirm the removal.
Export port lists
Before you can import address lists, you need to have permissions of the Network Security Editor user role if you do not already.
You can export port lists from a production BIG-IQ to replicate the system in your lab so you can troubleshoot network firewall issues efficiently.
- At the top of the screen, click Configuration, then, on the left, click .
- Select Export and confirm your selection in the popup window. The export process might take about a minute, depending on the size of the port list. There is no maximum number of port lists you may export. You can cancel the export process at any time during the file conversion by selecting Cancel in the popup window. BIG-IQ generates a CSV file containing the port lists that will be downloaded onto your local machine.
Once the port lists are compiled into a CSV file, you can upload this file into an editor of choice in your environment for troubleshooting.
Import port lists
Before you can import address lists, you need to have permissions of the Network Security Editor user role if you do not already.
You can create port list entries in a text editor on your local machine and import them as a CSV file into BIG-IQ to save the time of manual entry.
- At the top of the screen, click Configuration, then, on the left, click .
- Select Import and confirm your selection in the popup screen. The import process might take about a minute, depending on the number of port lists you are importing. There is no maximum number of port lists you may import. You can close the import popup screen once you finish by selecting Cancel. BIG-IQ populates the Port Lists page with your data.
Once the port lists are imported into BIG-IQ, you can view, clone, delete, deploy, and rename the lists from BIG-IQ, as well as view and edit individual ports within each list.