Your business relies on applications for internal productivity and external customer access. Those applications and the data centers that host them are increasingly under threat from sophisticated, targeted attacks.

BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network firewall designed to guard your data center against incoming threats that enter the network on the most widely deployed protocols—including HTTP/S, SMTP, DNS, and FTP. 

Scale to meet network demand

To meet urgent data center scalability needs, BIG-IP AFM leverages the high performance and flexibility of F5’s proven TMOS architecture, hardware systems, and virtual editions.

  • Provides high throughput and session set-up rate for high-volume applications and environments
  • Surpasses existing firewalls on capacity and performance
  • Reduces footprint and power requirements

More

Protect with a full-proxy firewall

Unlike traditional firewalls, BIG-IP AFM is built on a full-proxy architecture, which means that incoming client connections are fully terminated, inspected, and only then forwarded to the server—assuming no threats are present.

In the reverse direction, BIG-IP AFM also proxies and inspects server-to-client communication to ensure no private data, such as credit card or Social Security numbers, is accidentally leaked.

  • Integrated firewall provides network-level security
  • Full-proxy security with detailed application fluency
  • At high scale, inspects and offloads SSL connections to identify hidden attacks

More

Simplify security architecture

By bringing together application delivery, application security, user access, and firewall policies, BIG-IP AFM streamlines application deployment and simplifies firewall policy assurance.


Rather than rigid, zone-based or segment-based constructs, with BIG-IP AFM, firewall policies are more logically aligned with the applications themselves. Details about the application parameters, including server addressing, SSL offload, and access policies, are now grouped together with security parameters, including firewall policies, SSL inspection, and logging. 

Ensure application availability

Protect your applications against 38 DoS vectors with detailed visibility into attack conditions. 

F5 hardware platforms have the scale and capacity to handle high-volume attacks. At the same time, the full-proxy architecture of BIG-IP AFM mitigates many attacks before they even reach the server, so the applications your business relies on remain secure and available.  

  • Each DoS vector is customizable with configurable high watermarks 
  • SYN flood protection is handled in hardware
  • By acting as an SSL proxy, BIG-IP AFM can detect otherwise encrypted attack conditions 

More

TAKE A CLOSER LOOK

Check out BIG-IP hardware from different angles.

NEW: 10200v   4000   2000
11000   8900   6900   3900   3600   1600


Also available on VIPRION  hardware.


Chassis:  *NEW 4800*   4480   2400

Blades:  4300   4200   2100


Prefer to go virtual?

Try BIG-IP virtual editions for ultimate deployment flexibility.

Related Solutions