I have a Forwarding (IP) virtual server, with SNAT Automap. Allowed sources is set to 172.16.0.0/16, and destination is 10.0.0.0/8. The Big-IP has AFM enabled (default deny), with a global policy, but no security policy on this virtual server.
In spite of that, the event logs (Security -> Event Logs -> Network -> Firewall) show many entries for traffic forwarding through this VS. The context is shown as "Virtual Server" and the "Policy Type" and "Policy Name" fields are empty. The majority of these entries are for clients hitting a particular server and port, which I specifically don't want to log, due to the volume.
Problem is, I can't find what setting is actually causing them to be logged in the first place. Can anyone shed light on this?
I already have a global-policy rule that allows 172.16.0.0/16 to that server and port without logging, but this doesn't stop the log entries in the virtual server context.
I temporarily added a security policy to the VS, with a similar rule to the one in the global policy, but that also failed to stop these entries appearing.
The virtual server has the default fastL4 profile, and no logging parameters that I can see.
Other modules enabled: LTM, GTM, ASM, APM.