Forum Discussion

Fozail_183609
Mar 31, 2017

Will traffic be blocked or processed further if "Global" context is set to Reject

Dear Expert,

 

I have an F5 running 12.1.2; AFM is licensed and provisioned.

I can see only two options for "Global Context" by navigating to "Security ›› Options : Network Firewall": it can be either "Reject" or "Drop".

If I keep it as the default "Reject", then as the context is "Global", will all packets first hit this match and get dropped, or will they be matched and processed further?

 

Please suggest.

 

1 Reply

  • Although firewall rules in the global context are processed first, the global default action (drop/reject) is only applied last after all rules in all other contexts have been evaluated. In other words, if no rule in any context has matched this incoming connection, the global default action is taken. (Note that management port traffic is not handled by the global default.)

     

    See the Policies and Implementations Guide for further details.
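
The evaluation order described in the reply above, as a simplified model (an added example, not part of the original thread and not F5 code). The rule format, the function names and the sample policy are constructed for illustration. The context order after global (route domain, then virtual server/self IP) and the Accept versus Accept Decisively behaviour are assumptions taken from AFM's documented semantics, and per-context default actions are not modelled.

```python
from ipaddress import ip_address, ip_network

# Assumed order; the reply only states that the global context is processed first.
CONTEXT_ORDER = ["global", "route-domain", "virtual-server"]

def matches(rule, pkt):
    """A rule matches on source network and (optionally) destination port."""
    return (ip_address(pkt["src"]) in ip_network(rule["src"])
            and rule["dport"] in (None, pkt["dport"]))

def evaluate(policy, pkt, global_default="reject"):
    """Return (action, deciding_context) for one incoming connection."""
    if pkt.get("mgmt"):
        # Management port traffic is not handled by the global default.
        return ("not-evaluated", "management port")
    verdict = None
    for ctx in CONTEXT_ORDER:
        for rule in policy.get(ctx, []):
            if not matches(rule, pkt):
                continue
            if rule["action"] in ("drop", "reject", "accept-decisively"):
                return (rule["action"], ctx)   # terminal: no further contexts
            verdict = ("accept", ctx)          # accept: continue to next context
            break                              # first match wins inside a context
    # The global default (Drop/Reject) applies only when no rule matched anywhere.
    return verdict or (global_default, "global default")

# Constructed sample policy: one global rule, two virtual-server rules.
POLICY = {
    "global": [{"src": "10.0.0.0/8", "dport": None, "action": "accept"}],
    "virtual-server": [
        {"src": "10.9.0.0/16", "dport": 443, "action": "drop"},
        {"src": "0.0.0.0/0", "dport": 443, "action": "accept"},
    ],
}

if __name__ == "__main__":
    for pkt in ({"src": "10.1.1.1", "dport": 443},
                {"src": "10.9.1.1", "dport": 443},
                {"src": "192.0.2.10", "dport": 443},
                {"src": "192.0.2.10", "dport": 22},
                {"src": "192.0.2.10", "dport": 22, "mgmt": True}):
        print(pkt, "->", evaluate(POLICY, pkt))
```

With the global default left at "Reject", only the port 22 connection that matches no rule in any context is rejected by it; the other connections are decided by rules before the default is ever consulted.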