The AFM delivers the most effective network-level security for enterprises and service providers. Whether on-premises or in a software-defined data center, the AFM tracks the state of network sessions, maintains application awareness, and mitigates threats based on more attack details than traditional network firewalls. It also protects your organization from aggressive distributed denial-of-service (DDoS) attacks before they can reach your data center
This operations guide was written by the engineers who design, build, and support the AFM, as well as other F5 professionals who have firsthand experience with this technology. In this guide you’ll find recommendations, practices, and troubleshooting tips to keep your AFM running at peak efficiency.
This guide provides details on configuration items like packet flow, firewall rules, Network Address Translation, DDoS mitigations, logging, and troubleshooting. The goal of this guide is to assist customers with keeping their BIG-IP system healthy, optimized, and performing as designed. This guide describes common information technology procedures as well as some that are exclusive to BIG-IP systems. If you have specific questions about how to configure and operate your BIG-IP AFM, take some time to look at this guide and I'm sure you will find some great guidance here. Enjoy!
@rob_carr, great catch on this, and thanks for the question. i admit that the flow sequence wording on page 8 is a bit confusing. fortunately, the diagram on page 7 is correct and follows the proper flow patterns and logic. so, it's best to just reference the diagram for now. i'm working with the author to update the verbiage in the document, and i'll post an updated version here as soon as it's available. thanks again for the catch!!
