Bringing together security and deep application fluency, BIG-IP Advanced Firewall Manager (AFM) delivers the most effective network-level security for enterprises and service providers alike. Whether on-premises or in a software-defined data center (SDDC), BIG-IP AFM tracks the state of network sessions, maintains application awareness, and mitigates threats based on more attack details than traditional network firewalls. AFM also protects your organization from the most aggressive volumetric distributed-denial-of-service (DDoS) attacks before they can reach your data center.
BIG-AFM ensures traffic isn’t interrupted even under the most intense attacks, protecting the data center and the applications behind it. BIG-IP AFM scales to support millions of concurrent connections per second and provides more hardware-based vectors than other network firewalls.
DDoS attacks can enter the network on a variety of protocols—including known bad actors, malformed packets, slow-and-low, and flood attack types. BIG-IP AFM uses the flexibility of the iRules scripting language, sophisticated filtering, immediate blacklisting, and over a hundred built-in threat vectors to identify and mitigate DDoS attacks.
BIG-IP AFM helps you respond to threats quickly and with a full understanding of your security status. It provides summaries of current attack events, customizable reports, in-depth logging of attack details, and integration with SIEM tools.
BIG-IP AFM combines with other BIG-IP solutions to enhance security capabilities. It eliminates the need for single-point products that support application delivery, application security, client-side protections, user access, and DNS security. That means increased efficiency and lower total cost of ownership.
Unifies the application configuration with security parameters for tighter policy enforcement.
Terminates all connections and runs checks to identify and mitigate network-level threats before they reach the data center.
Logs DDoS events; supports SNMP, SIP, DNS, and IPFIX collectors; and provides controls that prevent log servers from becoming overwhelmed.
Automatically guards against known bad actors at the earliest traffic flow point.
Enables efficient deployment and management for a consistent and effective security posture across an expanding set of firewall devices.
Consolidates multiple firewalls onto a single device for more flexible and isolated allocation of resources.
AFM integrates with a range of technologies and third-party solutions to provide the most advanced data center security, deep data analysis, increased access control and efficient deployment. Key partners include:
Case Study: MageMojo
- Eric Hileman, MageMojo Co-Founder
John Wagnon | 14 hours ago
We are always interested in security at F5, but this month we are taking it a step further and highlighting lots of great security content on DevCentral. From discussing new features on our Advanced Firewall Manager, to showing off some OWASP Top 10 vulnerability mitigation options, to showcasing our new Silverline Cloud-Based application services platform, to featuring several partner integration options, the month of February on DevCentral will not disappoint!
John Wagnon | 1 week ago
In this video, I am joined by David Holmes, Brian McHenry, and Jason Rahm to discuss some of the new and exciting features of the F5 Advanced Firewall Manager. Check out the video to see the answer to questions like:
Why did F5 build a network firewall if the BIG-IP is inherently a default-deny device?
How does the AFM protect against DDoS attacks...
The BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network firewall designed to guard against incoming threats that enter the network on the most widely deployed protocols. This article will show how to...
Has the traditional idea of a network perimeter changed over the past few years? If so, then where does the firewall fit into today's network architecture? Are there different types of firewalls that make sense to deploy in...
David Holmes | 2 weeks ago
It's time once again for another edition The Top Ten Hardcore Security Features! This time we're looking at Version 12 and all its juicy juiciness.