Manual Chapter : About protocol anomaly inspection

Applies To:

Show Versions Show Versions

BIG-IP AFM

  • 15.0.0
Manual Chapter

About protocol anomaly inspection

In the BIG-IP® Network Firewall, you can configure profiles to inspect traffic against protocol inspection items. Protocol inspection items are arranged in categories by the Service type. You can assign protocol inspection items individually or in groups. You can add a new inspection item by writing a valid Snort rule and defining matching characteristics. You can assign protocol inspection items to a firewall rule, or directly to a virtual server.
Rule precedence applies to protocol inspection profiles. The protocol inspection rules for the most granular context are applied. The only exception is that a virtual server firewall rule takes precedence over a profile applied directly toa virtual server. The order of precedence is:
  1. Profile applied to a virtual server firewall rule
  2. Profile applied directly to a virtual server
  3. Profile applied to a route domain
  4. Profile applied to the global context