Lightboard Lessons: Dynamic AFM Policy Selection Based on Geolocation

For some web applications, you need a separate network firewall policy for users from different geographic locations.  You might want to open specific ports for users from one country and block those same ports for users from another country.  Using the power of iRules and VIP-targeting-VIP solutions, you can dynamically select an AFM policy based on source IP address geolocation.  This Lightboard Lessons discusses the details of it all.  Enjoy!  

Related Resources:

Published Sep 13, 2017
Version 1.0

Was this article helpful?


  • Hi John,


    As usual very nice video. Wonder if there is any noticeable performance hit when traffic is processed by two VS and two policies in compare to create whole policy on single VS?




  • Great question Piotr! I haven't had a chance to do the performance testing on this solution, but I hope to get to that soon. For this initial solution, I wanted to show the feasibility of doing this, and then I can look to tune it for efficiency as a next step. Thanks!


  • Hi,


    Sorry for messing around, I am as always curious creature :-), and of course thanks for willingness to solve my puzzles.