BIG-IP Advanced Firewall Manager

BIG-IP Advanced Firewall Manager (AFM) License

F5 BIG-IP Advanced Firewall Manager™ (AFM) is a high-performance, stateful, full-proxy network firewall designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols—including HTTP/S, SMTP, DNS, and FTP.

By aligning firewall policies with the applications they protect, BIG-IP AFM streamlines application deployment, security, and monitoring. BIG-IP AFM gives enterprises and service providers the scalability, flexibility, performance, and control needed to mitigate the most aggressive attacks before they reach the data center. BIG-IP AFM(BIG-IP Advanced Firewall Manager (AFM) License) forms the core of the F5 application delivery firewall solution.

Key benefits

Scales to meet network demand: Meets demanding data center scalability needs with a solution built on top of F5’s proven architecture, hardware systems, and virtual editions.

For more information, BIG-IP License

Protects with a full-proxy firewall: Terminates incoming client connections and inspects them, mitigating threats based on security and application parameters before forwarding them on to the server.

Streamlines firewall deployment: Simplifies security configuration with firewall policies oriented around applications and an efficient rules and policy user interface which speeds up app deployment.

Customizes reporting for visibility: Logs events at high speeds and defines per-application logging configuration, allowing flexibility in log destinations and information logged. Inspects SSL sessions.

Fully terminates SSL: Connections to identify potentially hidden attacks—and does this at high scale with high throughput.
Ensures application availability: Provides protection against 38 denial-of-service (DoS) vectors to ensure application availability, with detailed visibility into attack conditions. For certain platforms, SYN flood protection is handled in the hardware.

BIG-IP Advanced Firewall Manager (AFM) License

F5 BIG-IP AFM NAT Features

The industry-standard Network Address Translation (NAT) and Port Address Translation (PAT) features are supported by the licensed BIG-IP AFM (Advanced Firewall Manager). You can translate and map IPv4 and IPv6 addresses between networks using the various static and dynamic NAT and PAT modes offered by AFM NAT.

Sometimes, the words translation and mapping are used synonymously or in combination. As network packets cross network boundaries, translation specifically refers to changing the source or destination IP address or service port. The recording or monitoring of a successful translation is referred to as mapping. For instance, the licensed BIG-IP AFM NAT won’t know which private address a public facing packet should be sent to without a translation mapping.

To help you manage and keep track of NAT mapping events, The F5 BIG-IP AFM licensed AFM NAT also offers a number of extra features.

Allocation of a port block

In the Port Block Allocation (PBA) mode, log entries are only created when a subscriber first establishes a network connection, which reduces the amount of logging. In PBA mode, subscribers are given a single IP address and a block of ports. The block is then released when it is no longer in use by any connections.

Deterministic mode

Reversible mapping is used in deterministic mode to reduce the number of log messages while keeping the ability to find translated IP addresses for troubleshooting and compliance. Backup addresses can also be set up in deterministic mode.

Route advertisements

Destination IP addresses set up in NAT Policy can be forwarded to the advanced routing module of the BIG-IP system and advertised to peer routers through dynamic routing protocols like OSPF and BGP.

Requests for ICMP Echo and proxy ARP

In response to ICMP Echo or Proxy ARP requests for translated source IP addresses, these requests are made.

Persistence of translation addresses

In order to provide endpoint-independent address mapping, Translation Address Persistence assigns the same external translation IP addresses to all connections made by the same internal clients.

BIG-IP Advanced Firewall Manager (AFM) Order Pricing

Customers can order various BIG-IP software and licenses by contacting our sales specialists at Golicense.net.