The BIG-IP Advanced Firewall Manager is an ICSA-certified Firewall that provides critical protection for all of your web applications.  It is built on TMOS (the foundational operating system used by all F5 BIG-IP products), and it can run on any of the F5 Application Delivery Platforms.  

The AFM delivers the most effective network-level security for enterprises and service providers. Whether on-premises or in a software-defined data center, the AFM tracks the state of network sessions, maintains application awareness, and mitigates threats based on more attack details than traditional network firewalls. It also protects your organization from aggressive distributed denial-of-service (DDoS) attacks before they can reach your data center

This operations guide was written by the engineers who design, build, and support the AFM, as well as other F5 professionals who have firsthand experience with this technology.  In this guide you’ll find recommendations, practices, and troubleshooting tips to keep your AFM running at peak efficiency.

This guide provides details on configuration items like packet flow, firewall rules, Network Address Translation, DDoS mitigations, logging, and troubleshooting.  The goal of this guide is to assist customers with keeping their BIG-IP system healthy, optimized, and performing as designed. This guide describes common information technology procedures as well as some that are exclusive to BIG-IP systems. If you have specific questions about how to configure and operate your BIG-IP AFM, take some time to look at this guide and I'm sure you will find some great guidance here.  Enjoy!

 

BIG-IP Advanced Firewall Manager Operations Guide (v12.0)