Forum Discussion

IRONMAN's avatar
IRONMAN
Icon for Cirrostratus rankCirrostratus
Jun 15, 2020

Standard Virtual server with Internet facing with AFM rules

I am having one Internet facing standard virtual server, IP x. It is has SNAT IP y. with pool member IP Z.

My Questions his, I have AFM with ADC mode, where Virtual server allow, Global context is deny.

I am planning to apply Global context rule list with policy to allow the traffic from internet with allow only 443.

No policy to virtual server!

 

Any suggestion

 

Global Context rule:

Do i need to create rule for this Standard virtual server for external to IP X?

Do i need to create rule for SNAT IP y to Pool member IP Z?

Do I need to create rule from external to Pool member Z?

 

How F5 process the traffic after Passed VIP(Listener ), for firewall matching?

As per packet flow, First it will place and match for Listener , post that it check the AFM rules,?

 

My version 14.1.2.3

 

 

 

 

No RepliesBe the first to reply