AFM Enhancements in BIG-IP v13
Per your second question, the policy will work for a virtual server if they're in the same route domain or global policy. A diff between policy and virtual server can create a mismatch count in tmctl. This increments the protocol, address, or route domain mismatch counter.
For the VS/Policy based on GeoIP or User, think in terms of mixing previously unusable attributes to match against a VS.
Source Specifies packet sources to which the rule applies. Leaving this field blank applies the rule to all addresses and all ports. You can specify the following source/destination items when matching a VS:
- an IPv4 or IPv6 address
- an IPv4 or IPv6 address range
- FQDN
- geographic location
- VLAN
- address list
- port
- port range
- port list
- address list
From there, the idea is to combine the VS receiving the traffic into other modules. I do not have PEM licensed on this system to make these options available.