Forum Discussion

Altostratus

Apr 13, 2015

Blocking icmp to VS using AFM

Hi,

I tried to use AFM to block icmp traffic to VS (or rather VIP). Seems to be not working, so is that by design or I am doing something wrong (I tested blocking http to http vs and it's working). Is only way to block icmp to given VIP either to create Packet Filter (tested and working) or disable ICMP in VIP settings (I guess for 11.5+ versions only).

Piotr

Steve_Brown_882
Apr 13, 2015
Try creating a global context rule that drops ICMP destined for the virtual address. This should work.

~Steve

Steve_Brown_882
Historic F5 Account
Apr 13, 2015
Try creating a global context rule that drops ICMP destined for the virtual address. This should work.

~Steve
- dragonflymr
  Cirrostratus
  Apr 13, 2015
  Hi, Well, it's working! I just wonder why VS context rule is not working but global is working? I guess I figured it out but if you can confirm: So ping is actually handled by VIP not VS so it's answered before traffic hits VS where VS context rule for rejecting ping is implemented - am I close? Piotr