Create a temporary rule (AFM) based on the request

Question

Hi,&nbsp;
I am mimicking the behavior of the FTP auth of checkpoint. I have created the FTP server and now the client has authenticate using the iRule. Now, I would like to create a temporary AFM rule to allow that IP to some other services. Is that possible? Is there any command to do such thing?&nbsp;
Regards,
Arturo.&nbsp;

jrahm · Answer

define temporary? Do you mean dynamically, in that you can create a rule on the fly based on certain conditions, that can also be removed on the fly?

arturo · Answer

Yes! For example, in other firewalls you can authenticate through telnet against a TACACS (I have already done it) and that IP (not the authenticated user) will be allowed to access to any or to a selected port... 456 for example. In checkpoint is named client authentication.&nbsp;
If that does not work, I will use the main table to add that IP and allow every IP to the port 456 and reject users based on that table but... :( &nbsp;
Do you understand me?&nbsp;
Thanks,
Ar.&nbsp;

Forum Discussion

Create a temporary rule (AFM) based on the request

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

Create a DevCentral account

Logging DNS Requests

Using Client Subnet in DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS