ADVANCED FIREWALL MANAGER
UNSURPASSAD NETWORK DEFENSE
Bringing together security and deep application fluency, BIG-IP Advanced Firewall Manager (AFM) delivers the most effective network-level security for enterprises and service providers alike. Whether on-premises or in a software-defined data center (SDDC), BIG-IP AFM tracks the state of network sessions, maintains application awareness, and mitigates threats based on more attack details than traditional network firewalls. AFM also protects your organization from the most aggressive volumetric distributed-denial-of-service (DDoS) attacks before they can reach your data center.
Ensure Uninterrupted Data Center Services:
BIG-IP AFM ensures traffic isn’t interrupted even under the most intense attacks, protecting the data center and the applications behind it. BIG-IP AFM scales to support millions of concurrent connections per second and provides more hardware-based vectors than other network firewalls.
Comprehensive DDoS Defense:
DDoS attacks can enter the network on a variety of protocols—including known bad actors, malformed packets, slow-and-low, and flood attack types. BIG-IP AFM uses the flexibility of the iRules scripting language, sophisticated filtering, immediate blacklisting, and over a hundred built-in threat vectors to identify and mitigate DDoS attacks.
Gain Deep Attack Visibility:
BIG-IP AFM helps you respond to threats quickly and with a full understanding of your security status. It provides summaries of current attack events, customizable reports, in-depth logging of attack details, and integration with SIEM tools.
Consolidate and Strengthen Security:
BIG-IP AFM combines with other BIG-IP solutions to enhance security capabilities. It eliminates the need for single-point products that support application delivery, application security, client-side protections, user access, and DNS security. That means increased efficiency and lower total cost of ownership.
App-centric Policy Enforcement: Unifies the application configuration with security parameters for tighter policy enforcement.
L3 and L4 Attack Protection: Terminates all connections and runs checks to identify and mitigate network-level threats before they reach the data center.
High-Volume Logging Controls: Logs DDoS events; supports SNMP, SIP, DNS, and IPFIX collectors; and provides controls that prevent log servers from becoming overwhelmed.
Intelligent Control: Automatically guards against known bad actors at the earliest traffic flow point.
ScaleN Virtual Clustered Multiprocessing (vCMP): Consolidates multiple firewalls onto a single device for more flexible and isolated allocation of resources.