Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

AFM Default drop counter

JBonnet
Nimbostratus
Nimbostratus

‎31-Jan-2023 08:15

I would like to know the purpose of the default drop/reject rule under global context, i.e. what circumstance is this incremented?

Creating policies within global/virtual or self IP context do not seem to affect the counter (any accept/deny counters are all incremented within those polices).

Reset stats does not affect the counter value (example below 423 remains the same).

afm.png

Thankyou in advance.

Labels:
0 Kudos
1 REPLY 1

Greasy_Pretzel
F5 Employee
F5 Employee

‎01-Feb-2023 07:25

The manual says: If a packet does not match any rule in any context on the firewall, the Global Reject or Global Drop rule drops the packet (Global Drop) or drops the packet and sends the appropriate reject message (Global Reject) even when the system is in a default allow configuration.

If the counter for Default rule is not incrementing but they are incrementing for Virtual Server or the Self IP, that means there are more specific matches and not hitting the default rule on Global context. Packets dropped on Virtual Server or the Self IP context will not have an affect on the Global counter.

Copyright © 2023 Khoros, LLC