Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

To make the F5 AFM like a full NGFW is there plans the F5 AFM to integrate with AD for username/group access control and pcap capture when a signature is triggered ?

Hello to All,

 

Are there any plans to have the option for the AFM to do rules based on username/group not only IP address? Not many people know that you can use the AFM to make rules based on applications/services with a service policy to prevent for example port 80 to be used by telnet (port misuse) https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-imple... , so only the username/group access control is needed and the F5 AFM is like NGFW. Also Now with the addition of the prototocol inspection profiles that are like IPS system ( https://support.f5.com/csp/article/K44080215 ) also having an option to do automatic PCAP capture on a packet that triggered a signature to see if it is false positive will help to make the AFM a full NGFW.

1 ACCEPTED SOLUTION

Hi,

 

I think it is best you ask your local F5 SE these questions (also the one about PHP language detection).

 

Cheers,

 

Kees

View solution in original post

1 REPLY 1

Hi,

 

I think it is best you ask your local F5 SE these questions (also the one about PHP language detection).

 

Cheers,

 

Kees