Monday, 7 March 2022

***** F5 BIG-IP AFM Module - Deployment Modes *****

The F5 AFM (Advanced Firewall Manager) Module provides several key features, including: "Network Firewall Policy", "NAT Policy", "IPS Policy (PIP)", "L2-7 DDoS Protection Profile", "PSP (Protocol Security Profile)", "IPI (IP Intelligence) Policy", and "Service Policy".


Focusing on the "Network Firewall" engine, there are two deployment scenarios:

1- ADC Mode (DEFAULT):

* It is based on the "Negative Security Model"
* All traffic destined for a "Self-IP" or "Virtual Server" is "Allowed" unless an ACL specifically denies it
* It applies ONLY to the "Virtual Server" and "Self-IP" contexts on the system
* It is also called "Default-Deny Mode"
* In this mode, the "SOURCE" and "DESTINATION" settings of each Virtual Server (and Self-IP) imply corresponding firewall rules

2- Firewall Mode:

* It is based on the "Positive Security Model (ZERO-TRUST)"
* You can configure the system to Drop or Reject all traffic NOT explicitly allowed
* It applies a "Default-Deny" policy ONLY to all "Self-IPs" and "Virtual Servers"
* All traffic is "BLOCKED" through the AFM Module, and any traffic you want to "ALLOW" through must be explicitly configured in the Security Rules
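To make the two defaults concrete, here is an added Python model (my own illustration, not F5 code or part of the original post) that evaluates constructed packets against one virtual-server context under each mode. The class and function names, the 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 sample addresses, and the simplification of AFM's context hierarchy down to a single virtual-server context with its own ACL are all assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass
class Rule:
    """One network-firewall ACL rule; the first matching rule in a context wins."""
    action: str                  # "accept", "drop" or "reject"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port
    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

@dataclass
class VirtualServer:
    """A listener context with its own ACL; a Self-IP is modelled the same way (assumption)."""
    dst: str                     # "DESTINATION" setting of the virtual server
    port: int
    src: str = "0.0.0.0/0"       # "SOURCE" setting of the virtual server
    rules: list = field(default_factory=list)
    def listens_for(self, p: Packet) -> bool:
        return (ip_address(p.dst) in ip_network(self.dst) and p.dport == self.port
                and ip_address(p.src) in ip_network(self.src))

def evaluate(contexts, p: Packet, mode: str = "adc", firewall_default: str = "drop") -> str:
    """Action for packet p in ADC or Firewall mode (model only); firewall_default is the Drop/Reject choice."""
    ctx = next((vs for vs in contexts if vs.listens_for(p)), None)
    if ctx is None:
        # No listener's SOURCE/DESTINATION settings match: the implied rules drop it in both modes.
        return "drop"
    for rule in ctx.rules:
        if rule.matches(p):
            return rule.action   # an explicit ACL decision applies in both modes
    # Nothing explicit matched: only the deployment mode decides the default action.
    return "accept" if mode == "adc" else firewall_default

# Constructed sample policy: one HTTPS virtual server with a single explicit deny rule.
WEB = VirtualServer(dst="203.0.113.10/32", port=443,
                    rules=[Rule("drop", src="198.51.100.0/24")])

def compare_modes(p: Packet) -> dict:
    return {"adc": evaluate([WEB], p, "adc"), "firewall": evaluate([WEB], p, "firewall")}
```

A client outside the denied range reaches the listener in ADC mode but is dropped in Firewall mode until an explicit accept rule is added, while traffic to a port with no listener is dropped in both modes.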

