Manual Chapter :
About protocol anomaly inspection
Applies To:
Show Versions
BIG-IP AFM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
About protocol anomaly inspection
In the BIG-IP Network Firewall, you can configure profiles to inspect
traffic against protocol inspection items. Protocol inspection items are arranged in categories
by the Service type. You can assign protocol inspection items individually or in groups. You can
add a new inspection item by writing a valid Snort rule and defining matching characteristics.
You can assign protocol inspection items to a firewall rule, or directly to a virtual server.
Rule precedence applies to protocol inspection profiles. The protocol inspection rules for the
most granular context are applied. The only exception is that a virtual server firewall rule
takes precedence over a profile applied directly toa virtual server. The order of precedence is:
- Profile applied to a virtual server firewall rule
- Profile applied directly to a virtual server
- Profile applied to a route domain
- Profile applied to the global context