Packet Tracing in BIG-IP AFM

New in the v13 release of the BIG-IP Advanced Firewall Manager is the capability to insert a packet trace into the internal flow so you can analyze what component within the system is allowing or blo...
Updated Jun 06, 2023
Version 2.0
AFM
big-ip v13
packet capture
security
smyth_128099's avatar
smyth_128099
Historic F5 Account
Jan 09, 2019

Just a note on using it on the command line. Testing with BIG-IP v14.0.0, you need to specify the vlan using the full name format (external/internal alone wont work) .Like this ... src-vlan /Common/external detail ... otherwise yes the packet trace will run, but it wont show you anything, it won't pick up whats configured on the system. The detail options adds more detail as well.

 

So you see for example ....RD0 contains an AFM policy with a rule with a redirect action inside it

 

snip . . .

 

Stage:Route Domain-Access Control (/Common/0)

 

Result: Allow

 

Other Information

 

Policy Name: /Common/route_domain_policy

 

Policy Type: Enforced

 

Subscriber Name: unknown

 

Subscriber Group Name: unknown

 

Rule Name: route_domain_policy_redirect_rule

 

Source FQDN: unknown

 

Destination FQDN: unknown

 

Source Geo: No-lookup

 

Destination Geo: No-lookup

 

Redirected VS: /Common/fw_redirect_vs

 

Log Config:Disable

 

. . .