Manual Chapter : Monitoring Active Firewall Policies

Applies To:

BIG-IQ Centralized Management

  • 5.4.0

View active firewall policies

You use the Active Policy screen to view summary information about the firewall policies and rules that are currently active on BIG-IP® devices.
  1. Click Monitoring > REPORTS > Security > Network Security > Active Firewall Policies.
  2. Review the firewall policies, including the BIG-IP devices on which they are active.
  3. To review the rules and rule lists in a policy, click the policy name.
    The screen displays rules and rule lists in the policy.
  4. To edit a rule or rule list, click the name of the rule or rule list.

Active firewall policy rule properties

This table describes the rule properties shown for a firewall policy that is active on a BIG-IP device.

| Column | Description |
|---|---|
| # | Specifies the evaluation order of the rule within the policy. Rules are evaluated from the lowest number to the highest. If a rule is contained within a rule list, it will be numbered after the decimal point. For example, a policy with 3 rules, followed by a rule list containing 2 rules, followed by another rule outside of the rule list, would be numbered as: 1, 2, 3, 4, 4.1, 4.2, 5. In the example, 4 represents the rule list, and 4.1 and 4.2 are the evaluation order of the rules within that rule list. |
| Rule Name | Specifies the name of the rule. This contains a reference to the rule list when the row contains a rule list. You can click the rule name for more information. |
| Rule List Name | Specifies the name of the rule list that contains one or more rules. This is blank when the row contains a rule. |
| Action | Specifies the action taken when the rule is matched, such as whether it is accepted or rejected. |
| Protocol | Specifies the IP protocol used by the rule to compare against the packet. |
| Log | Specifies whether the firewall software should write a log entry for any packets that match this rule. |
| State | Specifies the activity state of the rule, such as whether it is enabled or disabled. |
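
When reviewing an active policy offline, the # column has to be sorted as a pair of integers rather than as a decimal number, and disabled or unlogged rules are worth separating out. The following Python is an added example, not part of the F5 manual and not BIG-IQ code. Assumptions: the rows are constructed sample data whose keys mirror the table columns, the value spellings are invented for the example, and a rule list row that is not enabled is taken to disable the rules numbered under it.

```python
# Added example: ROWS is constructed sample data, not a BIG-IQ export.
# Keys mirror the table columns; the value spellings ("accept", "yes",
# "enabled", ...) are assumptions made for this example.
ROWS = [
    {"#": "5",   "Rule Name": "default_drop",  "Action": "drop",   "Log": "yes", "State": "enabled"},
    {"#": "4.2", "Rule Name": "allow_https",   "Action": "accept", "Log": "no",  "State": "enabled"},
    {"#": "2",   "Rule Name": "allow_ssh",     "Action": "accept", "Log": "yes", "State": "disabled"},
    {"#": "4",   "Rule Name": "web_rules",     "Action": "",       "Log": "",    "State": "enabled"},
    {"#": "1",   "Rule Name": "allow_dns",     "Action": "accept", "Log": "no",  "State": "enabled"},
    {"#": "4.1", "Rule Name": "allow_http",    "Action": "accept", "Log": "yes", "State": "enabled"},
    {"#": "3",   "Rule Name": "reject_telnet", "Action": "reject", "Log": "yes", "State": "enabled"},
]


def order_key(number):
    """Turn '4.2' into (4, 2). Tuples sort in evaluation order, whereas
    floats or strings would place a rule numbered 4.10 before 4.2."""
    return tuple(int(part) for part in str(number).split("."))


def effective_rules(rows):
    """Return the enabled rules in the order the policy evaluates them."""
    rows = sorted(rows, key=lambda r: order_key(r["#"]))
    keys = [order_key(r["#"]) for r in rows]
    # A number such as 4 that has children (4.1, 4.2) is a rule list row.
    rule_lists = {k[:1] for k in keys if len(k) > 1}
    # Assumption: a rule list that is not enabled disables its member rules.
    off_lists = {k for r, k in zip(rows, keys)
                 if k in rule_lists and r["State"] != "enabled"}
    return [r for r, k in zip(rows, keys)
            if k not in rule_lists
            and r["State"] == "enabled"
            and k[:1] not in off_lists]


def unlogged_rules(rows):
    """Names of effective rules whose matches leave no log entry."""
    return [r["Rule Name"] for r in effective_rules(rows) if r["Log"] != "yes"]


if __name__ == "__main__":
    for r in effective_rules(ROWS):
        print(r["#"], r["Rule Name"], r["Action"], "log=" + r["Log"])
    print("no logging:", unlogged_rules(ROWS))
```
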