To make the F5 AFM like a full NGFW is there plans the F5 AFM to integrate with AD for username/group access control and pcap capture when a signature is triggered ?
Are there any plans to have the option for the AFM to do rules based on username/group not only IP address? Not many people know that you can use the AFM to make rules based on applications/services with a service policy to prevent for example port 80 to be used by telnet (port misuse) https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-imple... , so only the username/group access control is needed and the F5 AFM is like NGFW. Also Now with the addition of the prototocol inspection profiles that are like IPS system ( https://support.f5.com/csp/article/K44080215 ) also having an option to do automatic PCAP capture on a packet that triggered a signature to see if it is false positive will help to make the AFM a full NGFW.
