Applies To:
BIG-IP PEM
- 13.0.1, 13.0.0
Overview: Creating local traffic policy rules for PEM
When you use Policy Enforcement Manager™ (PEM™), you can create a policy and attach it to traffic policy presets (ce_pem). In the LTM profiles classification (classification_pem), the preset should be ce_pem. The virtual server should have a classification profile and an SPM profile.
Local traffic policies can include multiple rules. Each rule defines the signature and consists of a condition. Actions are to be performed if the condition holds. Multiple signatures can be assigned to one policy, so you can create a local traffic policy that works with PEM and includes multiple rules that do different things depending on the conditions you set up. In this type of CE policy, each rule can include an application or category or both. The application and category can either be custom or defined applications and categories.
About strategies for local traffic policy matching
Each BIG-IP® local traffic policy requires a matching strategy to determine which rule applies if more than one rule matches.
The BIG-IP local traffic policies provide three predefined policy matching strategies: a first-match, best-match, and all-match strategy. Each policy matching strategy prioritizes rules according to the rule's position within the Rules list.
As needed, you can create a user-defined best-match strategy to customize the precedence (order of preference) of added operands and selectors. For example, to meet your preferred operand and selector combinations, you might create a user-defined best-match strategy that changes the precedence of added operands and selectors, compared to the predefined best-match strategy.
Matching strategy | Description |
---|---|
all-match strategy | An all-match strategy starts the actions for all rules in the Rules list that match. Note: In an all-match strategy, when multiple rules match but specify conflicting actions, only the action of the best-match rule is implemented. A best-match rule can be the lowest ordinal, the highest priority, or the first rule that matches in the Rules list. |
best-match strategy | A best-match strategy selects and starts the actions of the rule in the Rules list with the best match, as determined by the following factors. Note: In a best-match strategy, when multiple rules match and specify an action, conflicting or otherwise, only the action of the best-match rule is implemented. A best-match rule can be the lowest ordinal, the highest priority, or the first rule that matches in the Rules list. |
first-match strategy | A first-match strategy starts the actions for the first rule in the Rules list that matches. |
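
As an added illustration (a toy Python model written for this page, not F5 code or BIG-IP's implementation), the following shows how rule position changes the result under first-match and all-match, and flags rules that an earlier, broader rule shadows. The host-suffix condition, rule names and values are constructed; all-match conflicts are resolved by lowest ordinal, one of the options the note above names, and best-match is not modeled because its precedence factors are not given here.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    ordinal: int        # position in the Rules list; lower is earlier
    name: str
    host_suffix: str    # hypothetical condition: request host ends with this
    actions: dict       # e.g. {"application": ..., "category": ...}

# Constructed sample policy: a broad rule placed ahead of a more specific one.
RULES = [
    Rule(1, "broad-web", ".example.com", {"category": "web"}),
    Rule(2, "video", "video.example.com",
         {"application": "video_app", "category": "streaming"}),
    Rule(3, "mail", ".example.net", {"application": "mail_app"}),
]

def matches(rules, host):
    """Rules whose condition holds for this host, in Rules-list order."""
    hits = [r for r in rules if host.endswith(r.host_suffix)]
    return sorted(hits, key=lambda r: r.ordinal)

def evaluate(rules, host, strategy):
    """Return the actions applied to a request under the given strategy."""
    hits = matches(rules, host)
    if strategy == "first-match":
        return dict(hits[0].actions) if hits else {}
    if strategy == "all-match":
        applied = {}
        for rule in hits:
            for slot, value in rule.actions.items():
                # Conflicting actions: keep the earlier rule's value
                # (assumption: "best" means lowest ordinal).
                applied.setdefault(slot, value)
        return applied
    raise ValueError(f"strategy not modeled: {strategy}")

def shadowed(rules):
    """(rule, earlier rule) pairs where the later rule can never be the
    first match because the earlier condition covers every host it matches."""
    ordered = sorted(rules, key=lambda r: r.ordinal)
    return [(late.name, early.name)
            for i, late in enumerate(ordered)
            for early in ordered[:i]
            if late.host_suffix.endswith(early.host_suffix)]

if __name__ == "__main__":
    for s in ("first-match", "all-match"):
        print(s, evaluate(RULES, "video.example.com", s))
    print("shadowed:", shadowed(RULES))
```

Running a check like `shadowed` over an exported rule list before changing a policy's strategy shows which specific classifications a broad rule would silently override.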
About creating custom local traffic policy rules for CE profile
Classification signatures are added as rules in the local traffic policy. The classification signatures can be used for many standard categories and applications. In addition, you can create custom categories and applications. When you use Policy Enforcement Manager™ (PEM™), you can create a policy and attach it to traffic policy presets (ce_pem). In the LTM profiles classification (classification_pem), the preset should be ce_pem. The virtual server should have a classification profile and an SPM profile.