Forum Discussion
anju_k_139770
Nimbostratus
Aug 04, 2016
tmsh command to see if a packet stream is allowed or configured as an ACL
referred to https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmsh-11-5-1.pdf?sr=56240631 but it is showing no records found for ACL configured in BigIP. I can see the acl ent...
boneyard
MVP
Aug 07, 2016
works like a charm for me, as i understand you use this to see which traffic would hit some AFM policy.
so i put a pretty random policy allowing tcp/99 on my virtual server listening to :99 on ip 10.3.22.69
i execute the command below and it shows my just configured AFM policy
user@(bigip-01)(cfg-sync Standalone)(ModuleNotLicensed:Active)(/Common)(tmos) show security firewall matching-rule source-addr 1.1.1.1 dest-addr 10.3.22.69 protocol 6 source-port 2034 dest-port 99 vlan /Common/external
Firewall Matching Rule:
----------------------------------------------------------------------------------
Context Type    Context Name         Policy Name       Rule Name  Action
----------------------------------------------------------------------------------
Virtual Server  /Common/vs-test_p99  /Common/allow-99  tcp-99     Accept
Total records returned: 1
if it still doesn't work for you are you sure you are putting the right info in there? see this as some kind of traffic generating command.
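Added example, not part of the original posts and not F5 code: a small Python helper for auditing firewall policy that builds the matching-rule query for a hypothetical packet and parses the table the reply shows. The function names are hypothetical, and the parser assumes that only the context type column contains spaces and that the layout matches the output quoted above.

```python
import re

# Constructed sample: the output lines as they appear in the reply above.
SAMPLE_OUTPUT = """\
Firewall Matching Rule:
----------------------------------------------------------------------------------
Context Type Context Name Policy Name Rule Name Action
----------------------------------------------------------------------------------
Virtual Server /Common/vs-test_p99 /Common/allow-99 tcp-99 Accept
Total records returned: 1
"""
FIELDS = ("context_type", "context_name", "policy", "rule", "action")

def build_query(src, dst, proto, sport, dport, vlan):
    """Build the tmsh query using only the parameters shown in the reply."""
    return (f"show security firewall matching-rule source-addr {src} "
            f"dest-addr {dst} protocol {proto} source-port {sport} "
            f"dest-port {dport} vlan {vlan}")

def parse_matching_rules(output):
    """Return one dict per matched rule; an empty list means no rows were listed.
    Rows are read between the second dashed line and the 'Total records' line,
    so any other message text is ignored rather than misparsed."""
    rows, rules_seen, total = [], 0, None
    for raw in output.splitlines():
        line = raw.strip()
        if line and set(line) == {"-"}:
            rules_seen += 1
            continue
        m = re.match(r"Total records returned:\s*(\d+)", line)
        if m:
            total = int(m.group(1))
            break
        if rules_seen < 2 or not line:
            continue  # title, column header, or text outside the table body
        parts = line.rsplit(None, 4)  # assumption: last four fields have no spaces
        if len(parts) != 5:
            raise ValueError(f"unrecognised row: {line!r}")
        rows.append(dict(zip(FIELDS, parts)))
    if total is not None and total != len(rows):
        raise ValueError(f"parsed {len(rows)} rows, output reports {total}")
    return rows

def hits_policy(rows, policy, action):
    """True if the simulated packet matched the given policy with that action."""
    return any(r["policy"] == policy and r["action"] == action for r in rows)
```

Feeding it the output for each flow in a list of expected-allowed and expected-blocked packets turns the command into a repeatable policy check.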