Will traffic be blocked or processed further if "Global" context is set to Reject

Question

Dear Expert,&nbsp;
I have F5 running 12.1.2, AFM is licensed and provisioned.&nbsp;
I can see only two options for "Global Context" by navigating "Security  ››  Options : Network Firewall", either it could be "Reject" or "Drop".&nbsp;
If I keep it as default "Reject", as context it "Global" all packet will first hit this match and it will get dropped or it will be matched and processed further.&nbsp;
Please suggest.&nbsp;

charlescs · Answer

Although firewall rules in the global context are processed first, the global default action (drop/reject) is only applied last after all rules in all other contexts have been evaluated. In other words, if no rule in any context has matched this incoming connection, the global default action is taken. (Note that management port traffic is not handled by the global default.)&nbsp;
See the Policies and Implementations Guide for further details.&nbsp;

Forum Discussion

Will traffic be blocked or processed further if "Global" context is set to Reject

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

How I did it - "Remote Logging with the F5 XC Global Log Receiver and Sumo Logic"

How I did it - "Remote Logging with the F5 XC Global Log Receiver and Elastic"

How I did it - "Remote Logging with the F5 XC Global Log Receiver and New Relic"

BIG-IP to Process TLS Syslog Traffic

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS