Home » Security License » F5 » BIG-IP Add-Ons » BIG-IP AFM License
BIG-IP Advanced Firewall Manager (AFM) License
F5 BIG-IP Advanced Firewall Manager™ (AFM) is a high-performance, stateful, full-proxy network firewall designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols—including HTTP/S, SMTP, DNS, and FTP.
By aligning firewall policies with the applications they protect, BIG-IP AFM streamlines application deployment, security, and monitoring. BIG-IP AFM gives enterprises and service providers the scalability, flexibility, performance, and control needed to mitigate the most aggressive attacks before they reach the data center. BIG-IP AFM(BIG-IP Advanced Firewall Manager (AFM) License) forms the core of the F5 License application delivery firewall solution.
BIG-IP Advanced Firewall Manager (AFM) License
The industry-standard Network Address Translation (NAT) and Port Address Translation (PAT) features are supported by the licensed BIG-IP AFM (Advanced Firewall Manager). You can translate and map IPv4 and IPv6 addresses between networks using the various static and dynamic NAT and PAT modes offered by AFM NAT.
Sometimes, the words translation and mapping are used synonymously or in combination. As network packets cross network boundaries, translation specifically refers to changing the source or destination IP address or service port. The recording or monitoring of a successful translation is referred to as mapping. For instance, the licensed BIG-IP AFM NAT won’t know which private address a public facing packet should be sent to without a translation mapping.
To help you manage and keep track of NAT mapping events, The F5 BIG-IP AFM licensed AFM NAT also offers a number of extra features.
In the Port Block Allocation (PBA) mode, log entries are only created when a subscriber first establishes a network connection, which reduces the amount of logging. In PBA mode, subscribers are given a single IP address and a block of ports. The block is then released when it is no longer in use by any connections.
Reversible mapping is used in deterministic mode to reduce the number of log messages while keeping the ability to find translated IP addresses for troubleshooting and compliance. Backup addresses can also be set up in deterministic mode.
Destination IP addresses set up in NAT Policy can be forwarded to the advanced routing module of the BIG-IP system and advertised to peer routers through dynamic routing protocols like OSPF and BGP.
In response to ICMP Echo or Proxy ARP requests for translated source IP addresses, these requests are made.
In order to provide endpoint-independent address mapping, Translation Address Persistence assigns the same external translation IP addresses to all connections made by the same internal clients.
Customers can order various BIG-IP software and licenses by contacting our sales specialists at Golicense.net
Customers are able to get more information about different BIG-IP licenses from our sales specialists.
"*" indicates required fields