Forum Discussion
AFM context
Hi, I have a question about the AFM context. When I create a rule in the global or the virtual server context with the action accept, the VIP will not be reachable; I have to change the action to accept decisively, or create the same rule in the virtual server or the global context with action accept, so the VIP will be reachable. I got the idea of the firewall context, but I do not know the benefits of it or when to use it in a real-world scenario.
Thanks in advance
1 Reply
- nathe
Cirrocumulus
What mode is the AFM configured in, ADC or Firewall mode? ADC mode has implicit rules for existing VSs, but in Firewall mode you need to explicitly create firewall rules. Normally I'd recommend ADC to start with and then move over to Firewall mode once all rules are in place. It sounds like the Global Drop context is dropping your traffic if you have to use Accept Decisively, although I can't be sure. You may need to enable logging for the Global context by enabling a DB key:
tmsh modify sys db tm fw.globaldefaultrule log value enable
This might give you more information on why the traffic is being dropped.
As for reasons to use context, it helps when understanding the firewall requirements on a per application (i.e. per VS) instance. If everything was in the global context you don't necessarily have this visibility.
Hope this helps,
N
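The behaviour discussed in this thread, as an added example that is not part of the original posts and is not F5 code: a simplified Python model of how a packet to a VIP is judged across the global and virtual server contexts in ADC and Firewall mode. The `Rule` and `evaluate` names, the sample VIP 192.0.2.10:443, and the modelled semantics (accept passes only the current context, accept decisively skips later contexts, unmatched traffic is dropped in Firewall mode and accepted in ADC mode) are assumptions drawn from the description above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Simplified: only the two contexts named in the thread, in evaluation order.
CONTEXT_ORDER = ("global", "virtual_server")
# Assumed default for traffic no context finally accepted or dropped.
DEFAULT_ACTION = {"firewall": "drop", "adc": "accept"}

@dataclass
class Rule:
    context: str   # "global" or "virtual_server"
    dest: str      # destination network in CIDR form
    port: int
    action: str    # "accept", "accept-decisively" or "drop"

def evaluate(rules, mode, dst_ip, dst_port):
    """Return (verdict, deciding_context) for one packet sent to a VIP."""
    addr = ip_address(dst_ip)
    for index, context in enumerate(CONTEXT_ORDER):
        hit = next((r for r in rules if r.context == context
                    and r.port == dst_port and addr in ip_network(r.dest)), None)
        if hit is None:
            continue                      # nothing matched here, try next context
        if hit.action == "drop":
            return "drop", context
        last = index == len(CONTEXT_ORDER) - 1
        if hit.action == "accept-decisively" or last:
            return "accept", context      # final: no later context is consulted
        # Plain accept only clears this context; keep evaluating.
    return DEFAULT_ACTION[mode], "default"

def scenarios():
    """Constructed cases mirroring the question in the thread."""
    vip, port = "192.0.2.10", 443         # constructed sample VIP
    g_accept = Rule("global", "192.0.2.10/32", 443, "accept")
    g_decisive = Rule("global", "192.0.2.10/32", 443, "accept-decisively")
    vs_accept = Rule("virtual_server", "192.0.2.10/32", 443, "accept")
    return {
        "fw, global accept only": evaluate([g_accept], "firewall", vip, port),
        "fw, global accept decisively": evaluate([g_decisive], "firewall", vip, port),
        "fw, accept in both contexts": evaluate([g_accept, vs_accept], "firewall", vip, port),
        "adc, global accept only": evaluate([g_accept], "adc", vip, port),
    }

if __name__ == "__main__":
    for name, (verdict, where) in scenarios().items():
        print(f"{name:32} -> {verdict} ({where})")
```

A verdict decided by `default` is the case where the global default rule logging mentioned in the reply would show why the traffic was dropped.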