Forum Discussion

Nimbostratus

Jan 31, 2023

AFM Default drop counter

I would like to know the purpose of the default drop/reject rule under global context, i.e. what circumstance is this incremented? Creating policies within global/virtual or self IP context do not s...

Ret. Employee

Feb 01, 2023

The manual says: If a packet does not match any rule in any context on the firewall, the Global Reject or Global Drop rule drops the packet (Global Drop) or drops the packet and sends the appropriate reject message (Global Reject) even when the system is in a default allow configuration.

If the counter for Default rule is not incrementing but they are incrementing for Virtual Server or the Self IP, that means there are more specific matches and not hitting the default rule on Global context. Packets dropped on Virtual Server or the Self IP context will not have an affect on the Global counter.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

AFM Default drop counter

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

How do I drop traffic on ASM?

Can the default deny action be changed from drop to reset

Parameteters in default https monitor

Default Attack Signature Sets

CMP v10.0 compatible counters using the session table

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS