For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Deep_287674's avatar
Deep_287674
Icon for Nimbostratus rankNimbostratus
Aug 29, 2016

ACL matches per rule Context(Enforced) on F5 ASM

Hi All, When I go to

F5 >> Security ›› Reporting : Network : Enforced Rules ACL matches per rule Context(Enforced).

It shows Virtual Server622,780 Global111,203

 

AggregatedSelf IP1,336

 

/Common/BRIDGE-VLAN-GROUP_self_ipSelf IP603

 

/Common/App_x.x.x.x_VIPVirtual Server2

 

OverallN/A733,645 
   These are ACL matches per rule context.Please explain where is ACL and how this value depends on it.
AFM
ASM Advanced WAF
security

2 Replies

  • jgranieri's avatar
    jgranieri
    Icon for Nimbostratus rankNimbostratus
    Aug 30, 2016

    Do you have AFM provisioned as well? it sounds like you do. if you see below the graph there should be a details section. keep clicking down further on the blue highlighted item to find the AFM ACL. you could either have AFM configured global context or on a per VS with rules

     

  • Richard_Karon's avatar
    Richard_Karon
    Icon for Employee rankEmployee
    Aug 30, 2016

    @jgranieri is on track here.

     

    1. Looking at the path you mention, you can see I bolded Network with is an AFM indicator.

    F5 >> Security ›› Reporting : Network : Enforced Rules ACL matches per rule Context(Enforced).

     

    Also the division of the context into the catagories you identified is also AFM terminology: Various contexts include Context is processed in this order:

     

    1. > Global
    2. > Route domain
    3. > Virtual server/self IP
    4. > Management port*
    5. > Global reject*

    Depending on version, you can find this information on askf5 Firewall Context info