swaminatha
Jul 21, 2021

Allow domains on outbound virtual server with AFM policy

Hi, we have a virtual server to forward traffic to the internet. We have a policy to block access on only ports 80 and 443. We would like to replace the allowed destinations from IP address to a domain list. We do not have a WAF license on the F5 but we do have an APM license. Can I leverage AFM or APM to allow domains only, like microsoft.com?

1 Reply

  • APM with SWG (Secure Web Gateway) can do this, though more in a proxy style. https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-access-policy-manager-secure-web-gateway-14-1-0/per-request-policy-configuration-for-swg.html

     

    AFM can do this with FQDN objects, although I'm not 100% sure how it deals with different IP resolutions.

     

    You could also do this with an iRule and look at the Host header. It shouldn't be that hard to build, though keeping such a list is some work, I would say.
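
A sketch of the Host-header approach mentioned in the reply, added here as an illustration and not part of the original thread. It assumes an HTTP profile on the virtual server and a string data group named `allowed_domains_dg` (a hypothetical name) holding entries such as `microsoft.com`; on port 443 the Host header is only visible if the BIG-IP decrypts the TLS session. Matching is done on label boundaries so that a name like `notmicrosoft.com` does not pass a check for `microsoft.com`.

```tcl
# Added example, not from the thread. allowed_domains_dg is a hypothetical
# string data group with one allowed domain per entry, e.g. "microsoft.com".
when HTTP_REQUEST {
    # Normalise the Host header: lower-case, drop any :port and a trailing dot
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set host [string trimright $host "."]

    # A missing or empty Host header is denied rather than waved through
    if { $host eq "" } {
        HTTP::respond 403 content "Destination not allowed" "Connection" "close"
        return
    }

    # Allow an exact match on the full host name ...
    set allowed 0
    if { [class match -- $host equals allowed_domains_dg] } {
        set allowed 1
    } else {
        # ... or on any parent domain, stripping one label at a time:
        # a.b.microsoft.com -> b.microsoft.com -> microsoft.com
        # A plain ends_with check would also accept notmicrosoft.com.
        set rest $host
        while { [set idx [string first "." $rest]] >= 0 } {
            set rest [string range $rest [expr {$idx + 1}] end]
            if { [class match -- $rest equals allowed_domains_dg] } {
                set allowed 1
                break
            }
        }
    }

    if { !$allowed } {
        # Log the decision so blocked destinations can be reviewed later
        log local0. "Blocked outbound request to $host from [IP::client_addr]"
        HTTP::respond 403 content "Destination not allowed" "Connection" "close"
    }
}
```

The Host header is supplied by the client, so this check constrains what a client asks for by name; it does not by itself tie the destination IP address to that name.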