Forum Discussion
tmsh command to see if a packet stream is allowed or configured as an ACL
I referred to https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmsh-11-5-1.pdf?sr=56240631 but it is showing no records found for the ACL configured in BigIP. I can see the ACL entry in the GUI.
show security firewall matching-rule dest-addr x.x.x.x dest-port 80 source-addr y.y.y.y source-port 12345 protocol 6 vlan internal
2 Replies
You are using AFM, right?
The example uses /Common/ before the VLAN; have you tried that?
Works like a charm for me. As I understand it, you use this to see which traffic would hit some AFM policy.
So I put a pretty random policy allowing tcp/99 on my virtual server listening on :99 on IP 10.3.22.69.
I execute the command below and it shows my just-configured AFM policy:

user@(bigip-01)(cfg-sync Standalone)(ModuleNotLicensed:Active)(/Common)(tmos) show security firewall matching-rule source-addr 1.1.1.1 dest-addr 10.3.22.69 protocol 6 source-port 2034 dest-port 99 vlan /Common/external

Firewall Matching Rule:
----------------------------------------------------------------------------------
Context Type    Context Name         Policy Name       Rule Name  Action
----------------------------------------------------------------------------------
Virtual Server  /Common/vs-test_p99  /Common/allow-99  tcp-99     Accept

Total records returned: 1

If it still doesn't work for you, are you sure you are putting the right info in there? See this as some kind of traffic-generating command.