Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Can F5 be in Bridge Mode or a L2 DDOS to protect from L3-L4 DDOS attack

T0nyP
Cirrus
Cirrus

‎04-Apr-2023 08:49 - edited ‎04-Apr-2023 08:51

Hi F5 community,

We just want to consult if F5 rSeries models ( Active-Standby HA setup ) with AFM license is capable to do bridge mode to cater L3-L4 DDOS protection before it goes to Internet Perimeter FW.

We ask this so that there will be no re-architecture or change of config about the Public IP defined in the Internet Perimeter FW.

If you have any document experience or KB article pertaining to this it will be a great help to us. Thank you in advance.

Labels:
0 Kudos
5 REPLIES 5

Paulius
MVP
MVP

‎04-Apr-2023 09:22

@T0nyP This seems like what you are looking for but not 100%.

https://techdocs.f5.com/kb/en-us/products/big-ip-aam/manuals/product/aam-network-configuration-12-1-...

Nikoolayy1
MVP
MVP

‎10-Apr-2023 00:32

You mean vlangroup or vwire ? rSeries with the latest 1.3.x software now supports vwire https://clouddocs.f5.com/f5os/F5OS-A/v1.3.0/F5OS-A-1.3.0-virtual-wire-support-cBIP-15.1.8.html and I have done AFM DOS on vwire (not on rSeries but the same should be true).

 

As you may not have self-ip things like tcp cookies (afm AFM TCP Half Open vector) may not work in vWire but dropping tcp sync fload attack will work, so there are some small limitations to keep in mind.

T0nyP
Cirrus
Cirrus
In response to Nikoolayy1

‎10-Apr-2023 18:08

Highly appreciate your guidance and thanks much for informing me about vWire feature for L2 DDOS Setup.

Additonal inquiry only.

Do we still need to setup a FW policy? And in what context do you recommend to apply the FW policy?

Thanks in advance.

0 Kudos

Nikoolayy1
MVP
MVP
In response to T0nyP

‎11-Apr-2023 01:28 - edited ‎11-Apr-2023 01:30

I can't tell you if you need AFM policy as this is something that you need to be aware of as admin of the network environment if you need not only DOS protection but also security rules.

 

The AFM policy is usually global for such deployments but if you do not have good knowedge in AFM  and rSeries better involve F5 PS as you are risking to much as the Devcentral community that F5 professionals are helping each other for some basic or complex questions can't replace training or a PS consultant.

T0nyP
Cirrus
Cirrus
In response to Nikoolayy1

‎11-Apr-2023 01:34

Thanks for this clarification and reply. Totally agree on this. 

0 Kudos
Copyright © 2023 Khoros, LLC