Reginald_Sible1
Oct 02, 2013

How do you configure a CSS ACL on an F5 LTM? How would the following ACL be applied to the F5?

acl 10 clause 21 deny tcp any destination 10.95.201.2 255.255.255.255 eq telnet
clause 31 deny udp any destination 10.95.201.2 255.255.255.255 eq 161
clause 250 permit any any destination any apply circuit-(VLAN300)
clause 38 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.158 sourcegroup ibsdukext
clause 16 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.134 sourcegroup Ibsdatext
clause 17 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.135 sourcegroup Ibsdbeext
clause 24 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.145 sourcegroup ibsdukqaleg
clause 25 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.146 sourcegroup ibsdfrqaleg

2 Replies

  • You've a few options here:

    1) Apply a Packet Filter
    2) Use an iRule
    3) Use AFM (which will ultimately apply a Packet Filter but is far more granular)

    Any preferences?

  • OK, so the menu path is: Network > Packet Filters. You can apply the filter globally or per VLAN/Tunnel. It should be pretty obvious to you how to build the rules based on your requirements.

    Unfortunately, without AFM, object groups and per-Virtual Server filters are not available as far as I know. You might want to consider it. Not sure if it's free or not.
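
An added illustration, not part of either reply and not F5 or Cisco code: the sketch below parses a few of the clauses from the question and turns each into a tcpdump-style match expression with an action, listed in clause-number order, as a starting point for building Packet Filter rules by hand. It assumes the CSS evaluates clauses in numeric order and that Packet Filter rules take tcpdump-style expressions with accept/discard actions; sourcegroup and apply circuit are only reported as notes, and translate and _addr are hypothetical helper names.

```python
import ipaddress
import re

# Clauses copied from the question on this page (first line carries the 'acl 10' opener).
CSS_ACL = """\
acl 10 clause 21 deny tcp any destination 10.95.201.2 255.255.255.255 eq telnet
clause 31 deny udp any destination 10.95.201.2 255.255.255.255 eq 161
clause 250 permit any any destination any apply circuit-(VLAN300)
clause 38 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.158 sourcegroup ibsdukext
"""
PORTS = {"telnet": 23}                              # CSS port keyword -> number
ACTIONS = {"permit": "accept", "deny": "discard"}   # assumed packet-filter action names

def _addr(tokens, direction):
    """Consume 'any' or 'IP [MASK]'; return a tcpdump-style term or None."""
    ip = tokens.pop(0)
    if ip == "any":
        return None
    mask = "255.255.255.255"                        # bare IP means a single host
    if tokens and re.fullmatch(r"[\d.]+", tokens[0]):
        mask = tokens.pop(0)
    net = ipaddress.ip_network(f"{ip}/{mask}")
    return f"{direction} host {ip}" if net.prefixlen == 32 else f"{direction} net {net}"

def translate(acl_text):
    """Return (clause, action, expression, notes) tuples in clause-number order."""
    rules = []
    for line in acl_text.splitlines():
        t = line.split()
        if "clause" not in t:
            continue
        t = t[t.index("clause") + 1:]               # skip an 'acl 10' prefix if present
        number, verb, proto = int(t.pop(0)), t.pop(0), t.pop(0)
        terms = [None if proto == "any" else proto, _addr(t, "src")]
        t.pop(0)                                    # the 'destination' keyword
        terms.append(_addr(t, "dst"))
        notes = []
        while t:                                    # trailing keyword/value pairs
            key, value = t.pop(0), t.pop(0)
            if key == "eq":
                terms.append(f"dst port {PORTS.get(value, value)}")
            elif key == "sourcegroup":              # not expressible as a match term
                notes.append(f"sourcegroup {value}: needs manual handling")
            elif key == "apply":
                notes.append(f"scope: {value}")
        expr = " and ".join(x for x in terms if x) or "ip"   # 'ip' = all IPv4
        rules.append((number, ACTIONS[verb], expr, notes))
    return sorted(rules)

if __name__ == "__main__":
    for number, action, expr, notes in translate(CSS_ACL):
        print(f"{number:>3}  {action:<7}  {expr}  {'; '.join(notes)}")
```

Clause 250 appears third in the pasted ACL but sorts last here, so the catch-all permit lands after the specific rules when the output is entered in order.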