Forum Discussion
Does AFM decrypt SSL traffic, and how?
Hi Team,
I am stuck on the statement "AFM defends against threats to network layer 3-4, stopping them before they reach your data center."
- Can AFM see upper-layer protocols (HTTP, DNS, SSL)?
- If yes, how can AFM see the SSL traffic and decrypt it?
- How is AFM different from LTM, which can see the upper-layer protocols?
Please help me clear up my doubt.
Thanks much!!
1 Reply
- Samir_Jha_52506
Noctilucent
1. Can AFM see upper-layer protocols (HTTP, DNS, SSL)? Yes. Basically, AFM is a high-performance, stateful, full-proxy network security solution designed to guard against incoming threats that enter the network on the most widely deployed protocols (HTTP, SSL, etc.).
2. If yes, how can AFM see the SSL traffic and decrypt it? It checks the behavior of the packet. SSL traffic encryption/decryption is done by the LTM module.
3. How is AFM different from LTM, which can see the upper-layer protocols? Cool. AFM is a network firewall for Layer 3/4. It is application-centric because firewall rules are tied to your applications. When you decommission an application, you can also safely remove the firewall rules associated with the application. This makes your ACL more efficient and cleaner. Also, F5's firewall is proxy-based, unlike stateful inspection firewalls. It protects from network-layer attacks like SYN flood, TTL exceeded, etc. LTM doesn't have all these features like AFM. Please go through the links below.
https://devcentral.f5.com/articles/afm-architecture-18505
https://devcentral.f5.com/articles/packet-tracing-in-big-ip-afm-25952
