Bringing together security and deep application fluency, BIG-IP Advanced Firewall Manager (AFM) delivers the most effective network-level security for enterprises and service providers. Whether on-premises or in an SDDC environment, BIG-IP AFM tracks the state of network sessions, maintains application awareness, and uniquely mitigates attacks based on more attack details than traditional network firewalls. With an app-centric security model and full-proxy architecture, BIG-IP AFM protects your organization from the most aggressive volumetric distributed-denial-of-service (DDoS) attacks, before they can reach your data center.
BIG-IP AFM helps ensure traffic isn’t interrupted, even under the most intense attacks. It scales to support millions of concurrent connections per second, automatically sizes threshold values, and provides more hardware-based vectors for faster attack detection. It systematically manages the unknown by identifying and controlling apps exhibiting evasive tactics. BIG-IP AFM combines with F5 Silverline DDoS Protection for hybrid protection to offload volumetric attacks in the cloud.
BIG-IP AFM uses the flexibility of the iRules scripting language, sophisticated filtering, behavioral analysis, immediate blacklisting, machine learning, and over a hundred built-in threat vectors to identify and mitigate DDoS attacks. It provides east-west protections and enables you to systematically manage unknown port evasive traffic.
BIG-IP AFM helps you respond to threats quickly and with a full understanding of your security status in real time. It provides summaries of current attack events, customizable reports, in-depth logging of attack details, and integration with SIEM tools.
BIG-IP AFM combines with other BIG-IP solutions to enhance security capabilities. It eliminates the need for single-point products that support application delivery, application security, client-side protections, user access, and DNS security. That means increased efficiency and lower total cost of ownership.
Unifies the application configuration with security parameters to exact tighter policy enforcement.
Terminates all connections and transparently runs checks to identify and mitigate network, DNS, and SSL attacks—before they reach the datacenter.
Logs DoS events at high speeds, supports SNMP, SIP, DNS, and IPFIX collectors, and provides controls that prevent log servers from becoming overwhelmed.
Automatically guards against known bad actors at the earliest point in the traffic flow with RTBH, while accelerating black listing based on intelligent reputation feeds from 3rd party services and other F5 security solutions.
Enables efficient deployment and management for a consistent and effective security posture across an expanding set of F5 network security devices at scale, lowering your total cost of ownership.
Delivers fine-grained control over SSH channel in the datacenter, with policy-based protections, regular key management, and session time-out enforcement.
AFM integrates with a range of technologies and third-party solutions to provide the most advanced data center security, deep data analysis, increased access control and efficient deployment. Key partners include:
Case Study: MageMojo
- Eric Hileman, MageMojo Co-Founder
Peter Silva | 4 months ago
As I’m sure you are aware, the business computing environment is evolving. From all of us and the multitude of devices we now carry and interact with, along with the various ways we access information…to all of the applications and the...
John Wagnon | 5 months ago
We are always interested in security at F5, but this month we are taking it a step further and highlighting lots of great security content on DevCentral. From discussing new features on our Advanced Firewall Manager, to showing off some OWASP Top 10 vulnerability mitigation options, to showcasing our new Silverline Cloud-Based application services platform, to featuring several partner integration options, the month of February on DevCentral will not disappoint!
The BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network firewall designed to guard against incoming threats that enter the network on the most widely deployed protocols. This article will show how to...
David Holmes | 1/25/2016
It's time once again for another edition The Top Ten Hardcore Security Features! This time we're looking at Version 12 and all its juicy juiciness.
Eric Chen | 1/7/2016
I decided that the Raspberry Pi would be a good candidate as a test server for using F5 solutions to make it fast, secure, and available. I ended up with a test setup where I sped up the performance of my test site running on my RPi by a factor of two and protected it from simple network attacks like a L4 SYN flood and L7 slowloris/slow read attacks.