
K38201755: BIG-IP AFM operations guide | Chapter 1: Guide introduction and contents

Operations Guide

Original Publication Date: Oct 09, 2018
Updated Date: Feb 28, 2020

Contents
Chapter 2: Packet Flow

Unlike a firewall, the BIG-IP AFM system processes traffic through any non-management interface using the same ingress-to-egress packet flow method.

Packet flow in BIG-IP hardware
Packet flow in BIG-IP AFM software
Post-L4 processing
Dynamic Signatures
Protocol Inspection

Chapter 3: Firewall rules

The BIG-IP AFM Network Firewall uses rules to specify traffic handling actions.

Network Firewall
IP Intelligence
Protocol security
Routing options
BIG-IP AFM rules
BIG-IP AFM policies
BIG-IP AFM iRules
Rules and policies troubleshooting

Chapter 4: Network Address Translation (NAT)

A Network Address Translation (NAT) is a mapping of one IP address to another, which can be a translation of source, destination, or both.

SNAT
NAT iRules

Chapter 5: Denial of Service (DoS)

The BIG-IP AFM system provides mitigation techniques against DoS/DDoS attacks.

BIG-IP AFM DoS mitigations
Packet processing (SYN cookie protection)
Device DoS
BIG-IP AFM DoS vectors
DoS policy development
Dynamic Signatures
DoS reporting and visibility
Signaling and intelligence

Chapter 6: External tools

Several external tools can be used to assist with management of one or multiple BIG-IP AFM systems, logging, and transfer of information.

BIG-IQ Centralized Management
SNMP polling and alerting
Syslog
IPFIX
sFlow
Change and configuration management

Chapter 7: Monitoring and logging BIG-IP AFM

Because BIG-IP AFM is a critical component of a security infrastructure, F5 recommends periodic review of BIG-IP AFM deployment logs to actively monitor the device and baseline performance.

BIG-IP AFM monitoring
BIG-IP AFM logging

Chapter 8: Troubleshooting

An introduction to the packet flow process and the tools needed for troubleshooting.

Troubleshooting traffic flow
BIG-IP AFM Network Firewall modes
Rule actions
Policy compilation
Logging
Statistics
Common troubleshooting tasks
Troubleshooting using BIG-IQ
Stateful failover using connection mirroring
DoS statistics output
IP Intelligence

The BIG-IP AFM system delivers the most effective network-level security for enterprises and service providers. Whether on-premises or in a software-defined data center, the BIG-IP AFM system tracks the state of network sessions, maintains application awareness, and mitigates threats based on more attack details than traditional network firewalls. The BIG-IP AFM system also protects your organization from aggressive distributed denial-of-service (DDoS) attacks before they can reach your data center.

Uninterrupted data center services

The BIG-IP AFM system ensures traffic isn’t interrupted, even under the most intense attacks. It protects the data center and the applications behind it. The BIG-IP AFM system scales to support millions of concurrent connections per second and provides more hardware-based vectors than other network firewalls.

Deep attack visibility

The BIG-IP AFM system helps operators respond to threats quickly and with a full understanding of their security status. It provides summaries of current attack events, customizable reports, in-depth logging of attack details, and integration with Security Information and Event Management (SIEM) tools.

Comprehensive DDoS defense

DDoS attacks can enter the network on a variety of protocols—including known bad actors, malformed packets, slow-and-low, and flood attack types. The BIG-IP AFM system uses the flexibility of the iRules scripting language, sophisticated filtering, immediate blacklisting, and over a hundred built-in threat vectors to identify and mitigate DDoS attacks.

Notes:

Distributed denial-of-service (DDoS) is referred to generically as “denial-of-service” (DoS) in some areas of the Configuration utility.
The majority of DDoS attacks exploit the transport and network layers. Layer 7 (L7) DDoS attacks are a more sophisticated form of DDoS attack, which mimic human behavior as they interact with the user interface at the application level.

Consolidated and strong security

The BIG-IP AFM system combines with other BIG-IP solutions to enhance security capabilities. It eliminates the need for single-point products that support application delivery, application security, client-side protections, user access, and DNS security. That means increased efficiency and lower total cost of ownership.

BIG-IP AFM features

The following are the main features offered by the BIG-IP AFM system:

App-centric policy enforcement unifies the application configuration with security parameters for tighter policy enforcement.
Intelligent control automatically guards against known bad actors at the earliest traffic flow point. In BIG-IP AFM 12.1.x and later, bad actor treatment is expanded to cover most DoS vectors to help select and disable individual sources of malicious traffic. Each bad actor is handed off to IP intelligence and dropped for a configurable period of time.
Layer-3 and layer-4 attack protection terminates all connections and runs checks to identify and mitigate network-level threats before they reach the data center.
Centralized management enables efficient deployment and management for a consistent and effective security posture across an expanding set of firewall devices.
High-volume logging controls log DDoS events, provide controls that prevent log servers from becoming overwhelmed, and support SNMP, SIP, DNS, and IPFIX collectors.
ScaleN Virtual Clustered Multiprocessing (vCMP) consolidates multiple firewalls onto a single device for more flexible and isolated allocation of resources.

Supplemental Information
About operations guides
Optimizing the support experience

Applies to:

Product: BIG-IP, BIG-IP AFM
Versions: 15.X.X, 14.X.X, 13.X.X, 12.1.X
