Forum Discussion

Donald_J_Ross's avatar
Donald_J_Ross
Icon for Cirrus rankCirrus
Jan 22, 2019
Solved

F5 AFM (13.1.1) Using FQDN in rules - troubleshooting

F5 AFM (13.1.1) Using FQDN in rules   I've configured an AFM rule to use FQDN in the destination address field, this works well in my lab environment but fails on the customer site. Both F5s are c...
AFM
application delivery
  • Donald_J_Ross's avatar
    Donald_J_Ross
    Feb 28, 2019

    Thanks for the information, I actullay got a fix from F5 support. As follows;

     

    1- Navigate to 'Network ›› DNS Resolvers : DNS Resolver List' and click on your DNS resolver 'dns-resolver'

     

    2- Under Forward zones, click 'Add' and for the 'Name' Enter the dot sign (.), for the address add one of your above DNS servers addresses.

     

Michael_Saleem's avatar
Michael_Saleem
Icon for MVP rankMVP
Feb 28, 2019

Have you tried checking the AFM DNS cache to see if the FQDN being resolved matches what you are expecting? 

tmsh show security firewall fqdn-info fqdn

Does the FQDN in question resolve to a single IP or multiple IPs?

You can also try enabling FQDN debugging temporarily:

tmsh modify sys db log.fw_fqdn.level value debug

To turn off FQDN debugging:

tmsh modify sys db log.fw_fqdn.level reset-to-default