For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

brahim94_11525's avatar
brahim94_11525
Icon for Nimbostratus rankNimbostratus
Jun 11, 2014

[AFM] Log implicite drop rule

Hi,

 

I have modified the global-network log profile to activate local log (by selecting local-ddb -publisher), the profile is associated with all VS but the implicite drop rule for all the context is not logged.

 

Is-it possible to log all drop rule ?

 

Thank you,

 

Best regards

 

advanced firewall manager

5 Replies

  • Thomas_Gobet's avatar
    Thomas_Gobet
    Icon for Nimbostratus rankNimbostratus
    Jun 11, 2014

    Hi,

     

    You can't modify the implicite rule.

     

    You have to define a "default" global rule with the log statement activated.

     

    The result will be the same than what you wanted.

     

  • Thomas_Gobet's avatar
    Thomas_Gobet
    Icon for Nimbostratus rankNimbostratus
    Jun 11, 2014

    Yes, for every VS.

     

    If your trafic is under global level, you just need one global rule.

     

  • Steve_Brown_882's avatar
    Steve_Brown_882
    Historic F5 Account
    Jun 12, 2014

    You can change the log settings on the default action without creating an explicit rule. There is a DB key that can be changed in TMSH for the Global/Route-Domain context along with one for the Virtual Server/SelfIP context. I would be sure that the log server can keep up prior to changing these keys but other than that you should be ok.

     

    Global Context - tmsh modify sys db tm.fw.globaldefaultrule.log value enable VS Context - tmsh modify sys db tm.fw.defaultrule.log value enable