Applies To:
Show VersionsBIG-IP PEM
- 13.0.1, 13.0.0
About enforcing policy and classification on IP protocols
The BIG-IP® system now provides classification and policy enforcement on all non-TCP and non-UDP traffic, which includes IPsec traffic. The Policy Enforcement Manager™ is able to classify and enforce any action on virtually any type of IP traffic. This enables detection of IPsec, ICMP, GRE, and other IP protocols (especially tunneling) for the service providers. For IPsec, Encapsulating Security Payloads (ESP) and Authentication Headers (AH) protocols are used, in both tunnel and transport modes.
A bottom hudfilter forwards non-TCP and non-UDP traffic for both classification and policy enforcement.
Creating Any IP profiles for PEM
Updating Any IP profile
IPOther filter for current PEM actions
The policy actions configured in the Policy Enforcement Manager™ can support non-TCP and non-UDP traffic flows. This table contains the information that highlights the actions supported for non-TCP and non-UDP traffic.
Action | All non-TCP and non-UDP flows |
---|---|
Forwarding | Only non-tunnel protocols.
Note: ICMP traffic can be steered.
|
Service-chain | Only non-tunnel protocols.
Note: ICMP traffic can be steered.
|
Cloning | Yes |
BWC (both directions) | Yes |
L2 QoS markings (both directions) | Yes |
Flow Reporting | Yes |
Session Reporting | Yes |
Gate status drop | Yes |
Quota | Yes |
HTTP-redirect | No |
Modify HTTP headers | No |
iRules | CLIENT_DATA and CLIENT_ACCEPTED iRules only (like UDP filter). |