F5向けセキュリティ ポリシー の組織化(Orchestration)


Tufin Orchestration Suiteは、F5 Application Delivery Controllersに可視性、変更追跡、ネットワークパス分析を提供し、機動的でリスクのないポリシー変更を可能にします。


What is the F5 BIG-IP Advanced Firewall Manager?

F5 BIG-IP is a high-performance, full-proxy network security tool that protects against targeted network attacks. As a web application firewall solution, F5 attaches network security policies to application objects. However, BIG-IP Advanced Firewall Manager (AFM) logically aligns those application security policies with specific traffic flows for more effective security operations.

F5’s firewall and security policy products are built on full-proxy architecture, and incoming connections are fully severed and inspected for threats before they are forwarded to the server. With Distributed Denial of Service (DDoS) protection, DNS security, and intrusion protection systems, F5’s BIG-IP AFM provides features and benefits such as:

  • Mitigate network threats like protocol and DDoS attacks before they disrupt critical resources

  • Network protection and mitigations against DNS threats

  • Unified app configuration with network security policies

  • Protect SSH channels with granular, policy-based controls

  • Full visibility into data center traffic patterns

  • Threat visibility in SSL/TLS traffic

  • Employ full proxy capabilities to inspect incoming connections and server-to-client responses

  • Traffic management, load balancing, and application delivery built on BIG-IP LTM (Local Traffic Manager), which provides fluency in the most commonly deployed enterprise applications and service provider protocols

  • Extensible F5 rules allow for expanded functionality and custom rules for comprehensive protection from multi-level attacks

  • Real-time IP denylisting capabilities to circumvent attackers changing IP addresses and complement existing IP intelligence solutions

  • Use F5 iRules, a scripting language with open APIs, to create custom rules that thwart uncommon and/or sophisticated DDoS attacks

  • iRules customization enables IP intelligence and geolocation features

  • F5 BIG-IP platform is designed for native multi-threaded processing and seamlessly handles traffic spikes or planned growth without sacrificing services

  • ICSA Labs certified network firewall

  • Protocol security, routing, and maximum SSL