DDoS attacks saturate bandwidth, consume network resources, and disrupt application services. Can your infrastructure successfully fend them off?
With deep threat intelligence services and flexible mitigation options, BIG-IP Advanced Firewall Manager (AFM) defends against threats to network layers 3–4, stopping them before they reach your data center.
Specifically, BIG-IP AFM scales to shut down high-capacity DDoS attacks that can overwhelm load balancers, firewalls, and even networks. It automatically invokes mitigation, alerts security admins, and configures or adjusts DDoS thresholds as traffic patterns change and without affecting legitimate traffic.
BIG-IP AFM gives you deep attack visibility and intelligence, so you can expose and quickly act on threats.
It enforces blacklisting, stopping bad actors at the earliest point of access, at the network edge, or upstream—before feed lists are updated. By automatically signaling upstream edge routers or ISPs to drop or reroute blacklisted traffic, BIG-IP AFM keeps bad traffic away from specific network addresses and protects the data center against not only DDoS, but also other network or application attacks—before they materialize.
It also brings visibility and control to SSH and SSL connections, protecting against backdoor threats that use the SSH channel for data breaches and app attacks. And it inspects SSL sessions and terminates connections to identify attacks that are masked by encryption.
BIG-IP AFM combines with other BIG-IP solutions to strengthen and unify security capabilities. It eliminates the need for single-point products that support application delivery, application security, client-side protections, user access, and DNS security. That means increased efficiency and lower total costs.
F5 products, technologies, and solutions work together to make sure your applications are always protected and work the way they should. Extend the effectiveness of BIG-IP AFM by combining it with the following products.
Integrates with BIG-IP AFM and BIG-IP DNS to provide a consolidated approach to data center protection.
Helps you manage security policies and centralize reports and alerts across BIG-IP AFM and BIG-IP ASM.
Works with BIG-IP AFM to provide hybrid protection, offloading volumetric attacks to the cloud.
You can extend the capabilities of BIG-IP AFM to expand its functionality and deploy custom rules that protect against complex, multi-level attacks.