AFM not logging firewall rules
We have a lab setup that has an F5 i5800 running 14.1.5.1 working as a load balancer for DNS queries to multiple servers. I have been trying to get logs of the rule that drops all non-DNS queries and have not gotten a single entry. The count shows over 800 so there should be something there.
What I've done:
1. Created rules in Policy called DNS-Only with logging on for DropALL (last rule) and TCP-IN.
2. Enabled DNS-Only under Global.
3. Created Logging Profile DNS-Only-AFM-Log with Network Firewall enabled, set the Publisher to local-db-publisher and checked Accept, Drop, Reject in Log Rule Matches.
4. Enabled IP Intelligence, Traffic Statistics and Port Misuse to the same publisher (this was done after not getting any response with them set to Publisher NONE).
5. Went into the Virtual servers and enabled Network Firewall, selecting the DNS-Only policy. Then enabled the Log Profile, selecting the DNS-Only-AFM-Log.
I then ran traffic through and watched the count going up on the TCP-IN and DropALL rules. BUT NOTHING shows in Event logs Network Firewall. What am I missing?
Thanks for any help.
For a Global security rule you need to play with the "global-network" profile https://support.f5.com/csp/article/K51266926 as with Device DOS then the publisher is attached in the System Device DOS menu.
- Oly_rAltocumulus
Thanks, I don't know how I missed that part of the process.