Apply AFM policy dynamically via iRule

Question

Is there a way to apply an AFM policy dynamically via an irule based on source country? I used to have an irule that did this using data-group list now we use AFM on the any/any forwarder but we've found that blocking our dns listener is causing email failures for some email hosts (gmail) with overseas MTAs. I haven't found a way to do this other than go back to an irule for that one listener. Thanks

stanislas_piro2 · Answer

Hi,&nbsp;
You can use country as AFM source. Why do you want to choose AFM policy in irule?&nbsp;

stanislas_piro2 · Answer

Hi,
This Irule will work for ltm with dns profile. You may be able to enable on arm rule.
when DNS_REQUEST {
   switch [DNS::question type] {       
       "MX" - "SOA" - "NS" {           
           return           
       }           
       default {
           DNS::header rcode NOERROR
           DNS::return 
   }   
}

Forum Discussion

Apply AFM policy dynamically via iRule

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Icontrol REST upload and apply policy- section "http-protocols" ignored?

How to use/apply an HTTP profile in an LTM policy