Invert match in AFM policy

Question

Hi! &nbsp;
Is it possible to invert the match sense in AFM parameters like we do using ! with iptables?&nbsp;
Thanks!&nbsp;

richard_karon_7 · Accepted Answer

if you would like to change a single allowed address such as this one&nbsp;

accept all traffic to 10.1.1.1/32

you can invert this to disallow the traffic by using specific rules first and allow more general rules after.&nbsp;
for example assuming the rest of the network is a 24 bit subnet mask,&nbsp;

drop/reject all traffic for 10.1.1.1/32accept all traffic to 10.1.1.0/24

or vice-versa if you want to allow your specific ip address on a blocked subnet. &nbsp;

renato_166638 · Answer

No... At least I haven't found this option.&nbsp;

renato_166638 · Answer

Richard, that was a long time ago, but you suggestion is probably what I did. I was migrating some policies from PaloAlto to AFM and also trying to make it the more similar I could at same time for the customer.

renato_166638 · Answer

Richard, that was a long time ago, but you suggestion is probably what I did. I was migrating some policies from PaloAlto to AFM and also trying to make it the more similar I could at same time for the customer.

Forum Discussion

Invert match in AFM policy

5 Replies

Recent Discussions

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

LTM Policy – Matching Strategies

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

LTM Policy