AFM Enhancements in BIG-IP v13

As you've noticed, DevCentral is covering some new features of F5 BIG-IP version 13 this month.  Today we'll review some core updates to Advanced Firewall Manager (AFM). Next week we'll dive deeper i...
Published Mar 20, 2017
Version 1.0
AFM
application delivery
big-ip v13
security
Chase_Abbott's avatar
Chase_Abbott
Icon for Employee rankEmployee
Mar 22, 2017

Per your second question, the policy will work for a virtual server if they're in the same route domain or global policy. A diff between policy and virtual server can create a mismatch count in tmctl. This increments the protocol, address, or route domain mismatch counter.

 

For the VS/Policy based on GeoIP or User, think in terms of mixing previously unusable attributes to match against a VS.

 

Source Specifies packet sources to which the rule applies. Leaving this field blank applies the rule to all addresses and all ports. You can specify the following source/destination items when matching a VS:

 

  • an IPv4 or IPv6 address
  • an IPv4 or IPv6 address range
  • FQDN
  • geographic location
  • VLAN
  • address list
  • port
  • port range
  • port list
  • address list

From there, the idea is to combine the VS receiving the traffic into other modules. I do not have PEM licensed on this system to make these options available.