Forum Discussion

Nimbostratus

Jan 31, 2023

AFM Default drop counter

I would like to know the purpose of the default drop/reject rule under global context, i.e. what circumstance is this incremented? Creating policies within global/virtual or self IP context do not s...

Ret. Employee

Feb 01, 2023

The manual says: If a packet does not match any rule in any context on the firewall, the Global Reject or Global Drop rule drops the packet (Global Drop) or drops the packet and sends the appropriate reject message (Global Reject) even when the system is in a default allow configuration.

If the counter for Default rule is not incrementing but they are incrementing for Virtual Server or the Self IP, that means there are more specific matches and not hitting the default rule on Global context. Packets dropped on Virtual Server or the Self IP context will not have an affect on the Global counter.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

AFM Default drop counter

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

Cannot ping external interface

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

Related Content

TSA Drops Shoes, IoT and Roundup

Multiple Default Gateways

Scanning for CVE-2017-9841 Drops Precipitously

Drop reason counters.rx_portd_rdisc

A Closer Look at mTLS and the Default Server in F5 NGINX

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS