Forum Discussion

Altostratus

Mar 21, 2023

PEM Policy Rule Classification Didnt Match

i run PEM POC in my lab and managed to control bandwidth or drop traffic for selected subscriber with any application. when trying to limit YouTube traffic, it seems the policy didnt match the youtu...

application delivery

pem

Nikoolayy1

MVP

Mar 22, 2023

What about using only url filter without ''category Video'' app filter as you may not have licensed this or you may need to configure it with iRules as below. Probaly you have checked if changing " precedence " or the rules if it changes something like making rule 1 with precedence 1 and rule 2 (the drop rule) with precedence 2.

https://techdocs.f5.com/kb/en-us/products/big-ip-pem/manuals/product/pem-implementations-13-0-0/23.html

Also check if the url database is correctly been pulled. Maybe with irule to see if youtube is corectly checked:

https://clouddocs.f5.com/api/irules/CLASSIFICATION__urlcat.html

Outside of that I can't give you more suggestions as this is also a hard topic for me 🙂

hasmadihadi

Altostratus

Mar 22, 2023

i have tried select url filter only but still didnt match.
let me try iRule if it works..

Nikoolayy1
MVP
Mar 23, 2023
Also it is interesting if you can check if the subscriber is matching the default second policy as mentioned in https://techdocs.f5.com/kb/en-us/products/big-ip-pem/manuals/product/pem-implementations-13-1-0/30.html Maybe also try to see if you can enable extra logging under Policy Enforcement > Subscribers > Activity Log > Configuration as you can use a local publisher to see the data on the F5 device itself.

That are my final ideas as this could be a lab related issue as PEM is usually not available for LAB VM and maybe with the URL DB not licensed even the custom URL categories could having issues but I can't confirm this.
- hasmadihadi
  Altostratus
  Mar 24, 2023
  i didnt find the second policy in the link you provided. maybe you can point any quotes so can find it.
  i am quite sure the static subcriber match the policy and it just didnt match rule even with higher precedence than any rule in the same policy.
  if i enable URL filtering and PEM URL filtering license, is there any conflict?
  - Nikoolayy1
    MVP
    Mar 24, 2023
    I meant second rule not second policy, my mistake.
    
    About "if i enable URL filtering and PEM URL filtering license, is there any conflict?" I have not enabled them at the same time to give you an answer to that question. Better check with the sales/solutions engineer that probably is helping you for the PoC.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

PEM Policy Rule Classification Didnt Match

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Related Content

Fine-Tuning F5 NGINX WAF Policy with Policy Lifecycle Manager and Security Dashboard

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)

Minimizing Security Complexity: Managing Distributed WAF Policies

Update an ASM Policy Template via REST-API - the reverse engineering way

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS