AFM Default drop counter
I would like to know the purpose of the default drop/reject rule under global context, i.e. under what circumstance is this incremented?
Creating policies within global/virtual or self IP context does not seem to affect the counter (any accept/deny counters are all incremented within those policies).
Reset stats does not affect the counter value (in the example below, 423 remains the same).
Thank you in advance.
- Greasy_Pretzel (Ret. Employee)
The manual says: If a packet does not match any rule in any context on the firewall, the Global Reject or Global Drop rule drops the packet (Global Drop) or drops the packet and sends the appropriate reject message (Global Reject) even when the system is in a default allow configuration.
If the counter for the Default rule is not incrementing but counters are incrementing for the Virtual Server or the Self IP, that means there are more specific matches and packets are not hitting the default rule on the Global context. Packets dropped on the Virtual Server or the Self IP context will not have an effect on the Global counter.