What is F5 BIG-IP Advanced Firewall Manager (AFM)?
F5 BIG-IP Advanced Firewall Manager (AFM) is a full-proxy network security solution designed to protect networks and data centers against incoming threats that enter the network on the most widely deployed protocols. Built on F5’s BIG-IP hardware and software platform, BIG-IP AFM is presented as a scalable platform that delivers the flexibility, performance, and control needed to mitigate aggressive distributed denial-of-service (DDoS) and protocol attacks before they overwhelm and degrade business critical services.
F5 intrusion prevention system (IPS), natively a part of F5 BIG-IP AFM, performs Layer 5-7 inspection of all incoming traffic and protects more than 25 protocols and infrastructure applications against security incidents and exploits. BIG-IP AFM’s IPS solution reviews traffic for adherence to protocol standards, matching it against hundreds of known attack signatures. It protects DNS infrastructure against protocol attacks and exploits that can impact performance. For service providers, BIG-IP AFM IPS protects the network edge, performing traffic inspection and protocol adherence for prevalent service provider protocols such as SS7, Diameter, HTTP/2, GTP, SCTP and SIP traffic coming into the network over UDP, TCP, and SCTP.
F5 BIG-IP Advanced Firewall Manager (AFM) Features
Supported: Identification Technologies
Supported: Visualization Tools
Supported: Content Inspection
Supported: Policy-based Controls
Supported: Firewall Management Console
Supported: Reporting and Logging
Supported: High Availability
Supported: Stateful Inspection
Supported: Proxy Server
Supported: High-volume logging controls - Supports, SNMP, SIP, DNS, IPFIX collectors, and protects log servers from being overwhelmed.
Supported: S/GI firewall for service providers - Defends network infrastructure and mobile subscribers from attacks such as DDoS.
Supported: SSH Channel Protection - Provides granular, policy-based control over SSH traffic in data centers.
F5 BIG-IP Advanced Firewall Manager (AFM) Videos
In this video F5 demonstrates how offloading DDoS detection and mitigation from BIG-IP AFM VE to an Intel SmartNIC empowers organizations to prevent large, complex attacks from overwhelming their virtualized environments.
F5 DevCentral's John Wagnon discusses solutions to apply BIG-IP Advanced Firewall Manager (AFM) policies dynamically based on geolocation of source IP address.
Both F5 [BIG-IP Advanced Firewall Manager] and Radware require training as they are not easy to use. But Radware uses some configuration that needs deep learning and proper labs. From an admin's perspective, Configuration and management for F5 [BIG-IP Advanced Firewall Manager are] less. Also, the cost of implementing F5 [BIG-IP Advanced Firewall Manager] is lesser than that of Radware Alteon.
The F5 Advanced Firewall Manager is being used across our entire organization allowing us to manage the toll for all employees with one team and one contact point. It also ensures all divisions have the same security which is key as we reorganize and restructure. All groups can expect the same functionality.
F5 Advanced Firewall Manager is good for large organizations that need to have a consistent experience for all end users. Might be a little much in the terms of complexity for smaller organizations. Either way, it provides a strong solution that meets the needs of both the IT security group and the end-user.
SolarWinds Network Configuration Manager is a bit easier to initially set up than F5 Advanced Firewall Manager but not as robust in its ability to manage different devices with different profiles. Different machines need different access and F5 Advanced Firewall Manager is better at allowing flexibility in identifying different devices and managing what they can access.
F5 Advanced Firewall Manager has been a solid, strong solution to both keep our systems safe and being seamless for our end users. Most of the time, the end-user is not impacted and does not even know F5 Advanced Firewall Manager is running which is exactly what we are looking for.