Forum Discussion
Packet Processing Order
Hi All,
I have an F5 VM hosted in Azure which has modules like LTM, DNS, Adv WAF and AFM. I need to know how a packet will be processed in this case, where multiple modules are enabled.
Note: In the DNS module only the DNS Caching feature is in use there are in Wide IPs configured.
Also, please help me find the bash commands reference for LTM.
Thanks,
Ashish Solanki
1. Packet Filter
2. AFM
3. FLOW_INIT (An iRule Event i.e. when FLOW_INIT)
4. LTM
5. APM
6. ASM / Adv WAF
The ASM can block things and inform the AFM so that next time the attack is blocked at the AFM level.
The DNS/GTM module is a separate thing, and only if you use the AFM DNS protection (DNS firewall and IPS) will the AFM be in front of the DNS module (Protocol Security > Security Profiles), or the AFM IPS that may have signatures for DNS attacks.
https://support.f5.com/csp/article/K44080215
How come only DNS caching is configured? If you have not enabled "GSLB" under the DNS profile for the used listener then the Wide IP will not be used.
https://support.f5.com/csp/article/K21520582
https://support.f5.com/csp/article/K14510
Also, if the DNS Cache is of the transparent type, a pool of DNS servers needs to be attached under the DNS Listener/VIP and "Unhandled Query Actions" needs to be set to Allow (also check that the Wide IP load balancing does not have a load balancing method that stops the sending of data to the other DNS objects if there is no Wide IP match).
Don't ask so many questions at once under a single post, so for the other "reference for LTM" better open another question, but first I suggest you try to find the answer on your own, as F5 has really good documentation.
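Added example, not part of the thread or of F5's documentation: a logging iRule for checking on your own unit which of the stages listed above a given connection reaches and in what sequence. It assumes an HTTP virtual server, AFM provisioned (for FLOW_INIT) and an attached ASM / Adv WAF policy with iRule event triggering enabled (for ASM_REQUEST_DONE); the variable name "flow" is arbitrary.

```tcl
# Added diagnostic iRule (example only). Attach it to the HTTP virtual server
# under test and read the entries in /var/log/ltm.
# The packet filter stage cannot be observed from an iRule; APM is left out.

when FLOW_INIT {
    # Listed after AFM and before LTM in the order given above.
    log local0. "stage=FLOW_INIT t=[clock clicks -milliseconds] client=[IP::client_addr] dst=[IP::local_addr]"
}

when CLIENT_ACCEPTED {
    # LTM has accepted the connection; build a key to correlate later entries.
    set flow "[IP::client_addr]:[TCP::client_port]"
    log local0. "stage=CLIENT_ACCEPTED t=[clock clicks -milliseconds] flow=$flow"
}

when HTTP_REQUEST {
    # LTM HTTP profile has parsed the request headers.
    log local0. "stage=HTTP_REQUEST t=[clock clicks -milliseconds] flow=$flow host=[HTTP::host] uri=[HTTP::uri]"
}

when ASM_REQUEST_DONE {
    # Raised once the ASM / Adv WAF policy has finished evaluating the request.
    log local0. "stage=ASM_REQUEST_DONE t=[clock clicks -milliseconds] flow=$flow status=[ASM::status]"
}
```

A connection dropped at an earlier stage produces no entries for the later ones, which shows which module made the decision.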
- SushantAltostratus
Hi Nikoolayy1, "The ASM can block things and inform the AFM so that next time the attack is blocked at the AFM level."
Is there any document about what things it can block? It must probably be signature based? If you have any links regarding it, please share.
Thanks!
- SushantAltostratus
Ok thanks, got your point. Cheers!