Mahiraljubouri_
Jan 03, 2017

AFM context

Hi, I have a question about the AFM context. When I create a rule in the global or the virtual server context with the action accept, the VIP will not be reachable; I have to change the action to accept decisively, or create the same rule in the virtual server or the global context with action accept, so the VIP will be reachable. I got the idea of the firewall context, but I do not know the benefits of it or when to use it in a real-world scenario?

 

Thanks in advance

 

1 Reply

  • nathe

    What mode is the AFM configured in, ADC or Firewall mode? ADC mode has implicit rules for existing VSs, but in Firewall mode you need to explicitly create firewall rules. Normally I'd recommend ADC to start with and then move over to Firewall mode once all rules are in place. It sounds like the Global Drop context is dropping your traffic if you have to use Accept Decisively, although I can't be sure. You may need to enable logging for the Global context by enabling a DB key -

    tmsh modify sys db tm fw.globaldefaultrule log value enable

    This might give you more information on why the traffic is being dropped.

    As for reasons to use context, it helps when understanding the firewall requirements on a per-application (i.e. per-VS) instance. If everything was in the global context you don't have this visibility necessarily.

    Hope this helps,

    N