F5 BIG-IP AFM and FireMon Integration Guide
Table of Contents
Introduction
FireMon’s Policy Manager is the industry’s most trusted firewall policy automation platform enabling organizations to stay compliant, reduce risk, and accelerate secure access changes across all environments, from legacy data centers to multi-cloud deployments. Eliminate policy-related risk, accurately and quickly change rules, and meet internal and external compliance requirements.
F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, full-proxy network security solution designed to protect networks and data centers against incoming threats that enter the network on the most widely deployed protocols. This product’s unique application-centric design enables greater effectiveness in guarding against targeted network infrastructure-level attacks. Additionally, with BIG-IP AFM, organizations receive protection from more than 100 attack signatures—more hardware-based signatures than any other leading firewall vendor—along with unsurpassed programmability, interoperability, and visibility into threat conditions.
Demo Video
Deployment Prerequisites
This guide was tested with the following software versions:
- F5 BIG-IP versions 15.1, 16.1, 17.5
- FireMon version FMOS 2025.2.1
FireMon Configuration
From the FireMon Administrative view, select Device > Devices
On the right, click Create. Select F5, then BIG-IP.
Give it a Name and optionally a Description. Enter the Management IP Address.
Under Device Settings, enter a Username and Password that can be used to login to the BIG-IP.
Expand Monitoring to review the configuration. Make changes if needed.
Expand Retrieval to review the configuration. As best practice, you should schedule automatic retrieval.
Click Save when done
Then go to Workflow > Workflows.
Under Policy Planner, click Create > Access Request.
Give it a name and click Save.
The Workflow screen should look like the image below.
Do the same for the Policy Optimizer configuration.
F5 BIG-IP AFM Configuration
In the BIG-IP UI, navigate to System > Logs > Configuration > Remote Logging.
Enter the IP address of the FireMon, then click Add. Click Update when done.
FireMon Administration
Click the 3 dots on the far right and select Retrieve Configuration.
Click Retrieve
You should see the following messages.
Note the Health Status might be Critical
This is because no Usage Data has been received. The Health should go to Normal once Usage Data is received.
FireMon Security Manager
Access the FireMon Security Manager from the menu on the top left.
The main Dashboard gives an overview of your Device Inventory. It also has an intuitive Rule Search widget so you can easily find the rules you’re looking for.
Select Policy then Security Rules.
This gives you a detailed view of your F5 AFM Policy.
The Compliance Dashboard is useful for getting a quick snapshot of your overall compliance.
Assessment Results will show any previous results. Click Run Report to run the Assessment again.
Select the Devices you want to run the assessment against.
Enable any additional Options, then click Run Report.
The Assessment Summary
The Executive Summary
Conclusion
FireMon helps keep F5 firewalls running smoothly with a complete configuration management solution, including full support for the BIG-IP AFM line of network security platforms and appliances. FireMon monitors each appliance, capturing event and traffic logs in real time. All change events trigger a full configuration capture, including detailed change history and a full audit trail of operations. F5 AFM devices can be monitored directly or indirectly if another event collection system is in place.
Related Content
Boost Efficiency and Security with F5 BIG-IP Advanced Firewall Manager
Employee