Forum Discussion
AltostratusAFM: Is the Network Firewall Policy a higher precedence than the IP Intelligence Policy?
Hi. I'm trying to figure out whether the Network Firewall policy has a higher precedence than IP Intelligence Policy.
My goal is to put a general IP Intelligence policy on a virtual server, but then establish a whitelist of a few IPs using a regular Network Firewall policy that explicitly allows those IPs. But whether that strategy works or not depends on what the precedence of these two policy types are.
2 Replies
Stephan_MierauEmployee
I would say it depends where the items are located. The AFM goes through the policy from Global -> Route Domain -> Virtual Server. If you put your IP whitelist on the Route Domain with accept decisively and the IPI policy to the virtual server, it should work
- Stanislas_Piro2
Cumulonimbus
Hi,
you should look at this drawing:
https://devcentral.f5.com/Portals/0/Users/011/11/11/AFM_Rules_Processing_Logic_2013.03.05.pdf
