I have F5 VM hosted in Azure which is having modules like LTM, DNS, Adv WAF and AFM. Need to know how packet will be processed in this case multiple modules are enabled.
Note: In DNS module only DNS Caching feature is in use there are in Wide IPs configured.
Also, please help me where to find to find the bash commands refernce for LTM.
The ASM can block things and inform the AFM so that next time the attack is blocked at the AFM level.
The DNS/GTM module is seperate thing and only if you use the AFM DNS protection (DNS firewall and IPS) then the AFM will be infront of the DNS module (Protocol Security > Security Profiles) or the AFM IPS that may have signatures for DNS attacks.
Also the DNS Cache if it of transperant type a pool of DNS servers needs to be attached under the DNS Listener/VIP and also "Unhandled Query Actions" needs to be set to Allow (Also check the Wide IP load balancing is not having a load balancing method that stops the sending of data to the other DNS objects if there is no Wide IP match).
Don't ask so many questions at once under a single post, so for the other " refernce for LTM" better open another qustion but first I suggest try to find the answer on your own as F5 has really good documentation.
The ASM can block things and inform the AFM so that next time the attack is blocked at the AFM level.
The DNS/GTM module is seperate thing and only if you use the AFM DNS protection (DNS firewall and IPS) then the AFM will be infront of the DNS module (Protocol Security > Security Profiles) or the AFM IPS that may have signatures for DNS attacks.
Also the DNS Cache if it of transperant type a pool of DNS servers needs to be attached under the DNS Listener/VIP and also "Unhandled Query Actions" needs to be set to Allow (Also check the Wide IP load balancing is not having a load balancing method that stops the sending of data to the other DNS objects if there is no Wide IP match).
Don't ask so many questions at once under a single post, so for the other " refernce for LTM" better open another qustion but first I suggest try to find the answer on your own as F5 has really good documentation.
Hi Nikoolayy1" The ASM can block things and inform the AFM so that next time the attack is blocked at the AFM level."
Is there any document about what are the things that it can block ? It must probably be for signature based ? If you have any links regarding it please share
Sorry I added something that a little more related to the ip inteligence as this is even before the AFM (but not before the packet filters as the packet filters are always first) in the order of packet processing and it is for DDOS at layer 7 (asm) or layer 3/4(afm). It means that when the ASM/AFM detect ddos they tell the Ip inteligence to block the source IP. It is called shun list for the ASM and Bad Actor Detection for the AFM.
The ASM bad actor is another feature for auto signature to be generated for bad traffic as the DDOS protection at layer 7 is before the ASM policy evaluation (for the AFM it is the same the DDOS layer 3 and 4 protection is before the layer 3 and 4 security rules).
