Firewall rules

You may have a firewall located in front of the servers on which you want GTM to perform liveness tests. To permit liveness tests, your firewalls must have entries added to their Access Control Lists (ACLs) to permit the liveness testing agents to download the test objects.

To help manage this, the portal has a Firewall Rules page that lists the IP addresses of all systems that might need to access your servers. For GTM, watch the entries that have Global Traffic Management in the Service column. If you have an ACL, make sure that you enter all of the systems listed in the Firewall Rules page into your ACL.

To access the Firewall Rules page, log in to Control Center. From the main menu, select Common Services > Origin firewall change notifications > Manage Subscriptions, and subscribe to the "Global Traffic Management" service.

To optimize cost and performance, new liveness testing agents are sometimes provisioned, liveness testing agents in data centers that are closing or have become too costly are decommissioned, and liveness testing agents whose hardware has become old or troublesome are replaced. As a result, the pool of available liveness testing agents can change from time to time.

When a new liveness testing agent is placed into service, it is first entered on the Firewall Rules page with an effective date about six weeks in the future. Clicking Manage Subscriptions on the Firewall Rules Notification page lets you subscribe to email notifications that are sent whenever IP addresses are added or deleted here. GTM will not begin using a liveness testing agent until its effective date has arrived. Therefore, if you subscribe for email notifications, you will have about six weeks to update your ACL.