Forum Discussion
Change default firewall policy for new Virtual Servers
So If I want to use Global policies, How can I over come the issue with default policy because in F5: every virtual server has a default policy to drop everything.
That is not correct.
The system has a default deny design. To pass traffic via the system, you need a listener, that is normally a virtual server. The listener will only handle traffic that matches its configuration. That can be a combination of source/destination/vlan, etc...
If you setup a virtual server with source 0.0.0.0/0, destination 10.10.10.0/24, all protocols and vlans. It will handle traffic with a destination in the network 10.10.10.0/24, and anything else will just be dropped by the system (not the virtual server).
You can setup a forward virtual server with source 0.0.0.0/0 and destination 0.0.0.0/0, all protocols and vlans. That will basically pass any traffic, and you can then filter in the AFM what you want.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com