Forum Discussion

Nimbostratus

Aug 04, 2016

tmsh command to see if a packet stream is allowed or configured as an ACL

referred to https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmsh-11-5-1.pdf?sr=56240631 but it is showing no records found for ACL configured in BigIP. I can see the acl ent...

MVP

Aug 07, 2016

works like a charm for me, as i understand you use this to see which traffic would hit some AFM policy.

so i put a pretty random policy allowing tcp/99 on my virtual server listening to :99 on ip 10.3.22.69

i execute the command below and it shows my just configured AFM policy

user@(bigip-01)(cfg-sync Standalone)(ModuleNotLicensed:Active)(/Common)(tmos) show security firewall matching-rule source-addr 1.1.1.1 dest-addr 10.3.22.69 protocol 6 source-port 2034 dest-port 99 vlan /Common/external
Firewall Matching Rule:
----------------------------------------------------------------------------------
Context Type    Context Name                    Policy Name      Rule Name  Action
----------------------------------------------------------------------------------
Virtual Server  /Common/vs-test_p99  /Common/allow-99  tcp-99     Accept

Total records returned: 1

if it still doesn't work for you are you sure you are putting the right info in there? see this as some kind of traffic generating command.

Forum Discussion

tmsh command to see if a packet stream is allowed or configured as an ACL

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Power of tmsh commands using Ansible

Certificate Expiry Email alert configuration

Big-IP add one Allowed Methods to an ASM Security Policy using the command line

Getting Started with BIG-IP Next: Configuring Instance High Availability

allow one url from blocks geolocation