1.2.5.3. Create and View Log Entries

In this section, you will generate various types of traffic through the firewall as you did previously, but now you will view the log entries using the network firewall log. Open your web browser and once again try to access http://10.1.20.11. Also, try to ping 10.1.20.11.

Open the Security > Event Logs > Network > Firewall page on bigip01.f5demo.com (10.1.1.4). The log file shows the ping requests are being accepted and the web traffic is being dropped:

image6

Although we will not configure external logging in this lab, you should be aware that the BIG-IP supports high-speed external logging in various formats, including SevOne, Splunk and ArcSight.

Navigate to Security > Options > Network Firewall > Firewall Options.

The default firewall options configuration determines whether the system is in ADC mode or Firewall mode. In the screenshot below, note the Virtual Server & Self IP Contexts value. If it is set to Accept (the system default), the firewall is in ADC mode. For this lab we will use Firewall mode, with the value set to Reject.

The local-db-publisher is linked to the global-network logging profile in the next step.

image267

Add a log publisher to the log configuration

Navigate to Security > Event Logs > Logging Profiles.

Select Global Network.

Click on the Network Firewall tab.

Use the publisher pulldown to select local-db-publisher.

Review the configuration. The Storage Format section allows you to select the values included in the log.

image268