Deflate DDoS attacks.

Stop volumetric attacks.

DDoS attacks saturate bandwidth, consume network resources, and disrupt application services. Can your infrastructure successfully fend them off?

With deep threat intelligence services and flexible mitigation options, BIG-IP Advanced Firewall Manager (AFM) defends against threats to network layers 3–4, stopping them before they reach your data center.

Specifically, BIG-IP AFM scales to shut down high-capacity DDoS attacks that can overwhelm load balancers, firewalls, and even networks. It automatically invokes mitigation, alerts security admins, and configures or adjusts DDoS thresholds as traffic patterns change and without affecting legitimate traffic.


If you can see and understand it, you can stop it.

BIG-IP AFM gives you deep attack visibility and intelligence, so you can expose and quickly act on threats.

It enforces blacklisting, stopping bad actors at the earliest point of access, at the network edge, or upstream—before feed lists are updated. By automatically signaling upstream edge routers or ISPs to drop or reroute blacklisted traffic, BIG-IP AFM keeps bad traffic away from specific network addresses and protects the data center against not only DDoS, but also other network or application attacks—before they materialize.

It also brings visibility and control to SSH and SSL connections, protecting against backdoor threats that use the SSH channel for data breaches and app attacks. And it inspects SSL sessions and terminates connections to identify attacks that are masked by encryption.


Works with other security solutions.

BIG-IP AFM combines with other BIG-IP solutions to strengthen and unify security capabilities. It eliminates the need for single-point products that support application delivery, application security, client-side protections, user access, and DNS security. That means increased efficiency and lower total costs.


Better together.

F5 products, technologies, and solutions work together to make sure your applications are always protected and work the way they should. Extend the effectiveness of BIG-IP AFM by combining it with the following products.

BIG-IP Application Security Manager (ASM)

Integrates with BIG-IP AFM and BIG-IP DNS to provide a consolidated approach to data center protection.

BIG-IQ Centralized Management

Helps you manage security policies and centralize reports and alerts across BIG-IP AFM and BIG-IP ASM.

Silverline DDoS Protection

Works with BIG-IP AFM to provide hybrid protection, offloading volumetric attacks to the cloud.


Extend security via open programmability.

You can extend the capabilities of BIG-IP AFM to expand its functionality and deploy custom rules that protect against complex, multi-level attacks.

  • Use F5 iRules scripting language for extensibility and customization of rules that mitigate sophisticated, uncommon zero-day threats.
  • Gain reporting visibility and understand your security status with customizable reports and charts that provide insight into user types and enable effective forensic analysis.