Forum Discussion
Ariel_Zeitlin_1
Nimbostratus
Jan 19, 2015
Redirect unallowed traffic
In my network I would like to have a way to redirect traffic that is not allowed by policy into some logging network or honeynet instead of just blocking it.
Can I do that with the f5 firewall p...
StephanManthey
Nacreous
Jan 25, 2015
Hi Ariel,
I would simply use an iRule:
```
when CLIENT_ACCEPTED {
    # check client source IP and target IP / target service and forward to honeypot
    if {([IP::client_addr] eq "10.131.131.171") && ([IP::local_addr] eq "10.131.131.100") && ([TCP::local_port] eq "22")} {
        node 10.131.131.111
    }
}
```
And sorry for answering a bit off-topic.
I do not have AFM ready-to-run. But I assume it has the ability to assign a pool depending on policy match. The pool would contain the honeypot servers (configured to port "0", so no port translation applied).
Thanks, Stephan
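A variation on the iRule in the reply above, added here as an example and not part of the original post: instead of matching one hard-coded source, it diverts any client that is not listed in an address data group to a honeypot pool and logs the connection first. The data group name `allowed_ssh_clients` and the pool name `honeypot_pool` are assumptions; the protected address and port are the ones from the reply.

```tcl
# Added example, not from the thread.
# Assumed objects: address-type data group "allowed_ssh_clients"
# and pool "honeypot_pool" (members on port 0, as the reply suggests).
when CLIENT_ACCEPTED {
    # Police only SSH to the protected server, as in the reply above.
    if { [IP::addr [IP::local_addr] equals 10.131.131.100] && [TCP::local_port] == 22 } {
        # Clients outside the allow list are diverted instead of dropped.
        if { ![class match [IP::client_addr] equals allowed_ssh_clients] } {
            # Log the original 4-tuple so the honeypot session can be
            # correlated with the connection the client actually attempted.
            log local0.notice "honeypot divert: [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
            pool honeypot_pool
        }
    }
}
```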