Packet Processing Order
- Processing order when AFM/LTM/ASM modules are running in the same appliance:
- The packet is first evaluated by the packet filter (LTM)
- Next, it is evaluated by AFM. Keep in mind that AFM has its own order of operations and will work down that as well:
- global,
- route domain,
- virtual server,
- And self IP.
- LTM comes next
- Processes the 3 way handshake on the client side of the proxy
- ASM processes the traffic after LTM, and then hands the traffic back to LTM to finish up. ASM sits off to the side and tells either LTM (server side of the proxy) to proceed or hands out a block page.
- Lightboard Lessons: BIG-IP Life of a Packet – https://devcentral.f5.com/articles/lightboard-lessons-big-ip-life-of-a-packet-24895
Deployment modes
- ADC or Application Mode (allow default – positive security model)
- Any traffic that needs to be blocked has to be manually specified
- Firewall (default deny – negative security model)
- Any traffic that needs to be allowed has to be manually specified
Firewall Actions
- Accept
- Drop
- Reject
- Accept Decisively
Recent Comments