Manual Chapter : Common elements for AFM network firewall

Applies To:

BIG-IP AFM

  • 15.0.0

  1. From the Source Address/Region list, select Specify.
  2. Click Address List and select the appropriate address list object.
  3. From the Source Port list, select Specify.
  4. Click Port List and select the appropriate port list object.
  5. From the Destination Address/Region list, select Specify.
  6. Click Address List and select the appropriate address list object.
  7. From the Destination Port list, select Specify.
  8. Click Port List and select the appropriate port list object.
  9. Click Add.
  10. Optional. Select an iRule to trigger when the firewall rule matches.
    iRule sampling (available when an iRule is selected) allows you to specify how frequently an iRule is triggered when the rule matches. For example, if the value 5 is entered, the iRule triggers every 5th match.
  11. From the Action list, select the firewall action to perform on matching traffic.
  12. Click Add Rule List.
    Click the down arrow button to put the Rule List at either the top or bottom of the current list.
  13. Under Name, enter the name of an existing Rule List.
    To view the available Rule Lists, click the << icon to the far right of the screen and then click Rule List.
  14. Click Done Editing to add the firewall rule to the policy.
  15. Click Commit Changes to System at the top of the page.
  16. Under ID, verify the new Rule List is in the proper order.
    You can drag and drop Rule Lists to reorder them.
  17. Under ID, verify the new Rule is in the proper order.
    You can drag and drop Rules and Rule Lists to reorder them.
  18. In the Source field, you can define the following packet source matching criteria by typing them into the field labeled add new source:
    • IPv4 or IPv6 addresses, address range, or name of an address list
    • Fully Qualified Domain Name (FQDN)
    • Service port, port range, or port list
    • Geographic location
    • VLAN
    • Subscriber or Subscriber group ID
    For named objects such as address lists, VLANs, or geographic locations, the system will auto-complete the name of the object. For individual service port or IP address entries, the system will define them once entered.
  19. In the Destination field, you can define any of the following packet destination matching criteria by typing them into the field labeled add new source:
    • IPv4 or IPv6 addresses, address range, or name of an address list
    • Fully Qualified Domain Name (FQDN)
    • Service port, port range, or port list
    • Geographic location
    • VLAN
    • Subscriber or Subscriber group ID
    For named objects such as address lists, VLANs, or geographic locations, the system will auto-complete the name of the object. For individual service port or IP address entries, the system will define them once entered.
  20. From the Rate Limit list, select Indefinite or Specify.
  21. From the Storage Format list, choose:
    • None
    • Field-List
    • User-Defined