For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Packet Tracing in BIG-IP AFM

New in the v13 release of the BIG-IP Advanced Firewall Manager is the capability to insert a packet trace into the internal flow so you can analyze what component within the system is allowing or blo...
Updated Jun 06, 2023
Version 2.0
AFM
big-ip v13
packet capture
security
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
smyth_128099's avatar
smyth_128099
Historic F5 Account
Jan 09, 2019

Just a note on using it on the command line. Testing with BIG-IP v14.0.0, you need to specify the vlan using the full name format (external/internal alone wont work) .Like this ... src-vlan /Common/external detail ... otherwise yes the packet trace will run, but it wont show you anything, it won't pick up whats configured on the system. The detail options adds more detail as well.

 

So you see for example ....RD0 contains an AFM policy with a rule with a redirect action inside it

 

snip . . .

 

Stage:Route Domain-Access Control (/Common/0)

 

Result: Allow

 

Other Information

 

Policy Name: /Common/route_domain_policy

 

Policy Type: Enforced

 

Subscriber Name: unknown

 

Subscriber Group Name: unknown

 

Rule Name: route_domain_policy_redirect_rule

 

Source FQDN: unknown

 

Destination FQDN: unknown

 

Source Geo: No-lookup

 

Destination Geo: No-lookup

 

Redirected VS: /Common/fw_redirect_vs

 

Log Config:Disable

 

. . .