cancel
Showing results for 
Search instead for 
Did you mean: 

AFM: Is the Network Firewall Policy a higher precedence than the IP Intelligence Policy?

AlgebraicMirror
Nimbostratus
Nimbostratus

Hi. I'm trying to figure out whether the Network Firewall policy has a higher precedence than IP Intelligence Policy.

 

My goal is to put a general IP Intelligence policy on a virtual server, but then establish a whitelist of a few IPs using a regular Network Firewall policy that explicitly allows those IPs. But whether that strategy works or not depends on what the precedence of these two policy types are.

 

2 REPLIES 2

Stephan_Mierau
F5 Employee
F5 Employee

I would say it depends where the items are located. The AFM goes through the policy from Global -> Route Domain -> Virtual Server. If you put your IP whitelist on the Route Domain with accept decisively and the IPI policy to the virtual server, it should work

 

Stanislas_Piro2
Cumulonimbus
Cumulonimbus