The F5 BIG-IP WAF filters, monitors, and blocks HTTP/S traffic to and from a web application, protecting it against malicious attempts to compromise the system or exfiltrate data. By inspecting HTTP/S traffic, the F5 BIG-IP WAF can prevent web application attacks such as cross-site scripting, SQL injection, cookie poisoning, and invalid input.
This document provides information about the F5 BIG-IP WAF connector, which facilitates automated interactions with an F5 BIG-IP WAF server using FortiSOAR™ playbooks. Add the F5 BIG-IP WAF connector as a step in FortiSOAR™ playbooks and perform automated operations, such as creating or deleting network firewall policy and associated rules, listing network policies and associated rules, and updating network firewall policy rules.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.12.1-253 and later
F5 BIG-IP WAF Version Tested on: 14.0.0.3-0.0.4
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-f5-big-ip-waf
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the connectors page, select the F5 BIG-IP WAF connector row, and in the Configure tab enter the required configuration details.
Parameter | Description |
---|---|
Server Address | IP address or FQDN of the F5 BIG-IP WAF server to which you will connect and perform the automated operations. |
Username | Username used to access the F5 BIG-IP WAF server to which you will connect and perform the automated operations. |
Password | Password used to access the F5 BIG-IP WAF server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Network Firewall Policy | Creates a new network firewall policy for the specified partition on F5 BIG-IP WAF based on the policy name provided. | create_policy Miscellaneous |
Create Network Firewall Policy Rule | Creates a new rule for the specified network firewall policy in F5 BIG-IP WAF. | create_policy_rule Miscellaneous |
Get List of Virtual Servers | Retrieves a list of virtual servers from F5 BIG-IP WAF. | List_virtual_servers Investigation |
Get List of Policy Rules | Retrieves a list of rules associated with the specified network firewall policy from F5 BIG-IP WAF. | list_policy_rules Investigation |
Get List of Network Firewall Policies | Retrieves a list of network firewall policies for the specified partition from F5 BIG-IP WAF. | get_policy Investigation |
Apply Network Firewall Policy to Virtual Server | Applies or removes network firewall policy for the specified virtual server. | apply_policy Investigation |
Update Network Firewall Policy Rule | Updates an existing rule for the specified network firewall policy on F5 BIG-IP WAF. | update_policy_rule Investigation |
Delete Network Firewall Policy | Deletes the specified network firewall policy from F5 BIG-IP WAF. | delete_policy Miscellaneous |
Delete Network Firewall Policy Rule | Deletes a rule for the specified network firewall policy from F5 BIG-IP WAF. | delete_policy_rule Miscellaneous |
Parameter | Description |
---|---|
Policy Name | Name of the network firewall policy that you want to create on F5 BIG-IP WAF. |
Partition | Name of the network partition to which to apply the new policy that you want to create on F5 BIG-IP WAF. By default, the new policy will be applied to the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
Description | Description of the new network firewall policy that you want to create on F5 BIG-IP WAF. |
The output contains the following populated JSON schema:
{
"name": "",
"kind": "",
"fullPath": "",
"description": "",
"rulesReference": {
"link": "",
"isSubcollection": ""
},
"selfLink": "",
"generation": "",
"partition": ""
}
Parameter | Description |
---|---|
Policy Name | Name of the existing firewall policy for which you want to create the new rule in F5 BIG-IP WAF. |
Partition | Name of the network partition to which to apply the new rule on F5 BIG-IP WAF. By default, the new rule will be applied to the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
Rule Name | Name of the new rule that you want to create on F5 BIG-IP WAF for the specified firewall policy. |
State | State (Enabled or Disabled) in which you want to create the new rule on F5 BIG-IP WAF. Enabled - applies the new rule to the addresses and ports specified, by default. Disabled - does not apply the new rule to the addresses and ports specified, by default. |
Protocol | The protocol to which the new firewall policy rule will be applicable on F5 BIG-IP WAF. |
Specify Rule Position | Specify whether you want to add the new rule at the beginning or at end of the rules list for the specified policy on F5 BIG-IP WAF. |
Action | Select from the actions - Accept, Drop or Reject, to specify whether to accept, drop or reject the connection with the IP addresses provided in Source and/or Destination. |
Source | Comma-separated list of source IP addresses or the range of IP addresses which the new firewall rule will be applicable on F5 BIG-IP WAF. |
Destination | Comma-separated list of destination IP addresses or the range of IP addresses which the new firewall rule will be applicable on F5 BIG-IP WAF. |
iRule | Specify an iRule to be applied to the new firewall policy rule on F5 BIG-IP WAF. An iRule can be started when the firewall rule matches traffic. |
iRule Sampling Rate | Specify the frequency with which an iRule is to be triggered in the new rule, for sampling purposes on F5 BIG-IP WAF. The value you configure is one out of n times the iRule is triggered. For example, set this field to 5 to trigger the iRule one out of every five times the rule matches a flow. |
Send to Virtual Server | Specify a virtual server to which to send the traffic that matches the iRule on F5 BIG-IP WAF. |
Service Policy | Specify a service policy to apply to the new firewall policy rule on F5 BIG-IP WAF. A service policy collects flow timer and flow timeout features in a policy that can be applied to different contexts, and allows you to configure policies to drop traffic on a specified port when the service does not match. |
Protocol Inspection Profile | Specify a protocol inspection profile to associate with the new firewall policy rule on F5 BIG-IP WAF. Protocol inspection profiles can be configured to run multiple inspections across different protocols. |
Classification Policy | Specify a classification policy to associate with the new firewall policy rule on F5 BIG-IP WAF. |
Enable Logging for Rule | Specify whether logging should be enabled or disabled for the new firewall policy rule on F5 BIG-IP WAF. |
The output contains the following populated JSON schema:
{
"name": "",
"ipProtocol": "",
"action": "",
"selfLink": "",
"generation": "",
"kind": "",
"source": {
"addresses": [
{
"name": ""
}
],
"identity": {}
},
"fullPath": "",
"log": "",
"status": "",
"destination": {},
"iruleSampleRate": ""
}
Parameter | Description |
---|---|
Policy Name | Name of the network firewall policy for which you want to retrieve the list of associated rules from F5 BIG-IP WAF. |
Partition | Name of the network partition for which to retrieve the list of associated firewall policy rules from F5 BIG-IP WAF. By default, the firewall policy rules list will be fetched for the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
The output contains the following populated JSON schema:
{
"kind": "",
"items": [
{
"kind": "",
"ipProtocol": "",
"status": "",
"selfLink": "",
"generation": "",
"name": "",
"source": {
"identity": {}
},
"fullPath": "",
"log": "",
"action": "",
"destination": {},
"iruleSampleRate": ""
}
],
"selfLink": ""
}
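The rule list returned by this operation can be reviewed automatically in a playbook step. The following is an added example, not part of the connector or the original page: it walks a response shaped like the schema above and flags accept rules with no source restriction, accept rules without logging, and blocking rules left disabled. The sample response is constructed, and the field values it uses (`accept`, `drop`, `yes`, `no`, `enabled`, `disabled`) are assumptions, since the page shows the fields empty.

```python
# Added example: audit the output of "Get List of Policy Rules".
# SAMPLE_RESPONSE is constructed for illustration; field values are assumed,
# only the field names come from the schema shown on this page.

SAMPLE_RESPONSE = {
    "kind": "constructed-sample",
    "items": [
        {
            "name": "allow_web", "action": "accept", "ipProtocol": "tcp",
            "status": "enabled", "log": "yes",
            "source": {"addresses": [{"name": "192.0.2.0/24"}], "identity": {}},
            "destination": {"addresses": [{"name": "198.51.100.10"}]},
        },
        {
            # No "addresses" on either side: the rule is not limited by address.
            "name": "allow_any", "action": "accept", "ipProtocol": "any",
            "status": "enabled", "log": "no",
            "source": {"identity": {}},
            "destination": {},
        },
        {
            "name": "block_bad", "action": "drop", "ipProtocol": "any",
            "status": "disabled", "log": "yes",
            "source": {"addresses": [{"name": "203.0.113.7"}], "identity": {}},
            "destination": {},
        },
    ],
    "selfLink": "",
}

LOG_ON = {"yes", "enabled", "true"}      # assumed spellings of "logging on"
BLOCKING_ACTIONS = {"drop", "reject"}


def addresses_of(side):
    """Return the address names listed under a rule's source or destination."""
    return [a["name"] for a in (side or {}).get("addresses", []) if a.get("name")]


def audit_rule(rule):
    """Return a list of finding labels for one rule (empty list if none)."""
    findings = []
    action = str(rule.get("action", "")).lower()
    status = str(rule.get("status", "")).lower()
    log = str(rule.get("log", "")).lower()
    src = addresses_of(rule.get("source"))
    dst = addresses_of(rule.get("destination"))

    if action.startswith("accept"):
        if not src:
            findings.append("accept-from-any-source")
        if not src and not dst:
            findings.append("accept-any-to-any")
        if log not in LOG_ON:
            findings.append("accept-without-logging")
    if action in BLOCKING_ACTIONS and status == "disabled":
        findings.append("blocking-rule-disabled")
    return findings


def audit_policy(response):
    """Map rule name -> findings for every rule that has at least one finding."""
    report = {}
    for rule in response.get("items", []):
        findings = audit_rule(rule)
        if findings:
            report[rule.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_policy(SAMPLE_RESPONSE).items():
        print(f"{name}: {', '.join(findings)}")
```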
None.
The output contains the following populated JSON schema:
{
"kind": "",
"selfLink": "",
"items": [
{
"generation": "",
"lastModifiedTime": "",
"cmpEnabled": "",
"throughputCapacity": "",
"fwStagedPolicyReference": {
"link": ""
},
"rateLimit": "",
"mask": "",
"source": "",
"ipProtocol": "",
"poolReference": {
"link": ""
},
"partition": "",
"fwEnforcedPolicyReference": {
"link": ""
},
"translateAddress": "",
"enabled": "",
"synCookieStatus": "",
"sourcePort": "",
"fwEnforcedPolicy": "",
"rateLimitSrcMask": "",
"mirror": "",
"rateLimitDstMask": "",
"name": "",
"addressStatus": "",
"rateLimitMode": "",
"nat64": "",
"securityNatPolicy": {
"useDevicePolicy": "",
"useRouteDomainPolicy": ""
},
"kind": "",
"selfLink": "",
"connectionLimit": "",
"profilesReference": {
"link": "",
"isSubcollection": ""
},
"gtmScore": "",
"vsIndex": "",
"creationTime": "",
"fullPath": "",
"sourceAddressTranslation": {
"type": ""
},
"vlansDisabled": "",
"pool": "",
"destination": "",
"fwStagedPolicy": "",
"policiesReference": {
"link": "",
"isSubcollection": ""
},
"mobileAppTunnel": "",
"autoLasthop": "",
"serviceDownImmediateAction": "",
"translatePort": ""
}
]
}
None.
The output contains the following populated JSON schema:
{
"kind": "",
"items": [
{
"name": "",
"kind": "",
"fullPath": "",
"rulesReference": {
"link": "",
"isSubcollection": ""
},
"selfLink": "",
"generation": "",
"partition": ""
}
],
"selfLink": ""
}
Parameter | Description |
---|---|
Virtual Server Name | Name of the virtual server to which you want to apply a network firewall policy on F5 BIG-IP WAF. |
Partition | Name of the network partition where the virtual server belongs on F5 BIG-IP WAF. You can find the partition name for a virtual server using ‘Get List of Virtual Servers’ action. |
Enforcement | Enables or disables the firewall policy for the specified virtual server in the Network Firewall area on F5 BIG-IP WAF. If you select Enabled, then select the firewall policy to be applied on the virtual server. If you select Disabled, then any previously applied firewall policy on the virtual server will be removed. |
Policy Name | Name of the firewall policy that you want to apply on the specified virtual server in Enforcement, on F5 BIG-IP WAF. Note: The firewall policies defined for Common partition can also be applied to the virtual servers in other partitions. However, the policies defined for any other partitions can not be applied to the virtual servers in Common partition. |
Staging | Enables or disables the staging of firewall policy for the specified virtual server in the Network Firewall area on F5 BIG-IP WAF. If you select Enabled, then select the firewall policy to be staged for applying on the virtual server. If you select Disabled, then any previously staged firewall policy will be removed for the virtual server. |
Policy Name | Name of the firewall policy that you want to apply on the specified virtual server in Staging, on F5 BIG-IP WAF. Note: The firewall policies defined for Common partition can also be applied to the virtual servers in other partitions. However, the policies defined for any other partitions can not be applied to the virtual servers in Common partition. |
The output contains the following populated JSON schema:
{
"generation": "",
"connectionLimit": "",
"description": "",
"cmpEnabled": "",
"rateLimitMode": "",
"fwStagedPolicyReference": {
"link": ""
},
"vsIndex": "",
"mask": "",
"ipProtocol": "",
"source": "",
"partition": "",
"fwEnforcedPolicyReference": {
"link": ""
},
"translateAddress": "",
"policiesReference": {
"link": "",
"isSubcollection": ""
},
"enabled": "",
"lastModifiedTime": "",
"sourcePort": "",
"rateLimitSrcMask": "",
"mirror": "",
"name": "",
"addressStatus": "",
"nat64": "",
"synCookieStatus": "",
"securityNatPolicy": {
"useDevicePolicy": "",
"useRouteDomainPolicy": ""
},
"kind": "",
"selfLink": "",
"vlansDisabled": "",
"profilesReference": {
"link": "",
"isSubcollection": ""
},
"gtmScore": "",
"destination": "",
"creationTime": "",
"fullPath": "",
"fwStagedPolicy": "",
"sourceAddressTranslation": {
"type": ""
},
"rateLimit": "",
"rateLimitDstMask": "",
"fwEnforcedPolicy": "",
"throughputCapacity": "",
"mobileAppTunnel": "",
"autoLasthop": "",
"serviceDownImmediateAction": "",
"translatePort": ""
}
Parameter | Description |
---|---|
Policy Name | Name of the existing firewall policy for which you want to update the associated rule in F5 BIG-IP WAF. |
Partition | Name of the network partition for which you want to update the associated firewall policy rule on F5 BIG-IP WAF. By default, the rule will be updated for the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
Rule Name | Name of the existing rule that you want to update on F5 BIG-IP WAF for the specified policy. |
State | Update the State (Enabled or Disabled) of the specified firewall policy rule on F5 BIG-IP WAF. Enabled - applies the updated rule to the addresses and ports specified, by default. Disabled - does not apply the updated rule to the addresses and ports specified, by default. |
Protocol | The protocol to which the updated firewall policy rule will be applicable on F5 BIG-IP WAF. |
Action | Select from the actions - Accept, Drop or Reject, to specify whether to accept, drop or reject the connection with the IP addresses provided in Source and/or Destination. |
Source/Destination IP Addresses | Specify whether to add or remove the IP addresses specified in the Source and Destination. Add - adds the specified IPs to the rule being updated. Remove - removes the specified IPs from the rule being updated. |
Source | Comma-separated list of source IP addresses or the range of IP addresses that you want to add or remove from the firewall policy rule. |
Destination | Comma-separated list of destination IP addresses or the range of IP addresses that you want to add or remove from the firewall policy rule. |
iRule | Specify an iRule to be applied to the firewall policy rule on F5 BIG-IP WAF. An iRule can be started when the firewall rule matches traffic. |
iRule Sampling Rate | Specify the frequency with which an iRule is to be triggered in the firewall policy rule, for sampling purposes on F5 BIG-IP WAF. The value you configure is one out of n times the iRule is triggered. For example, set this field to 5 to trigger the iRule one out of every five times the rule matches a flow. |
Send to Virtual Server | Specify a virtual server to which to send the traffic that matches the iRule on F5 BIG-IP WAF. |
Service Policy | Specify a service policy to apply to the firewall policy rule on F5 BIG-IP WAF. A service policy collects flow timer and flow timeout features in a policy that can be applied to different contexts, and allows you to configure policies to drop traffic on a specified port when the service does not match. |
Protocol Inspection Profile | Specify a protocol inspection profile to associate with the firewall policy rule on F5 BIG-IP WAF. Protocol inspection profiles can be configured to run multiple inspections across different protocols. |
Classification Policy | Specify a classification policy to associate with the new firewall policy rule on F5 BIG-IP WAF. |
Enable Logging for Rule | Specify whether logging should be enabled or disabled for the rule you want to update on F5 BIG-IP WAF. |
The output contains the following populated JSON schema:
{
"name": "",
"ipProtocol": "",
"action": "",
"selfLink": "",
"generation": "",
"kind": "",
"source": {
"addresses": [
{
"name": ""
}
],
"identity": {}
},
"fullPath": "",
"log": "",
"status": "",
"destination": {
"addresses": [
{
"name": ""
}
]
},
"iruleSampleRate": ""
}
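Because the Source and Destination fields of this operation are often filled from alert data, a playbook can validate them before calling the connector. The following is an added example, not the connector's own code: it parses the comma-separated field, normalizes each entry, and computes the address list that an Add or Remove would leave on the rule, in the `addresses` shape of the schema above. The function names, the accepted range notations (CIDR and `start-end`), the refusal of any-address entries, and the refusal to empty a rule's address list are assumptions of this example; the sample rule is constructed.

```python
# Added example: pre-validate Source/Destination input for
# "Update Network Firewall Policy Rule". Uses only the Python standard library.
import ipaddress

# Constructed rule, shaped like the output schema above.
SAMPLE_RULE = {
    "name": "block_list",
    "action": "drop",
    "source": {
        "addresses": [{"name": "203.0.113.7"}, {"name": "198.51.100.0/24"}],
        "identity": {},
    },
    "destination": {},
}


def parse_address_field(field):
    """Parse a comma-separated list of IPs, CIDR networks or start-end ranges.

    Returns de-duplicated canonical strings; raises ValueError on bad input.
    """
    entries = []
    for raw in field.split(","):
        token = raw.strip()
        if not token:
            continue
        if "-" in token:
            start_s, end_s = (p.strip() for p in token.split("-", 1))
            start = ipaddress.ip_address(start_s)
            end = ipaddress.ip_address(end_s)
            if start.version != end.version or start > end:
                raise ValueError(f"invalid range: {token!r}")
            if int(end) - int(start) + 1 == 2 ** start.max_prefixlen:
                raise ValueError(f"range covers every address: {token!r}")
            canon = f"{start}-{end}"
        else:
            net = ipaddress.ip_network(token, strict=False)
            if net.prefixlen == 0:
                # An any-address entry would make the rule match all traffic.
                raise ValueError(f"any-address entry refused: {token!r}")
            is_host = net.prefixlen == net.max_prefixlen
            canon = str(net.network_address) if is_host else str(net)
        if canon not in entries:
            entries.append(canon)
    return entries


def apply_update(rule, side, mode, field):
    """Return the new {"addresses": [...]} for rule[side] after Add or Remove.

    Existing entries are compared as stored strings; only new input is
    normalized.
    """
    if side not in ("source", "destination"):
        raise ValueError("side must be 'source' or 'destination'")
    if mode not in ("add", "remove"):
        raise ValueError("mode must be 'add' or 'remove'")

    current = [a.get("name", "") for a in rule.get(side, {}).get("addresses", [])]
    requested = parse_address_field(field)

    if mode == "add":
        result = current + [e for e in requested if e not in current]
    else:
        result = [e for e in current if e not in requested]
        if not result:
            # With no addresses left, the rule is no longer limited by address.
            raise ValueError("remove would leave the rule with no addresses")
    return {"addresses": [{"name": name} for name in result]}


if __name__ == "__main__":
    print(apply_update(SAMPLE_RULE, "source", "add", "203.0.113.7, 192.0.2.44"))
```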
Parameter | Description |
---|---|
Policy Name | Name of the existing network firewall policy that you want to delete from F5 BIG-IP WAF. |
Partition | Name of the network partition for which to delete the firewall policy in F5 BIG-IP WAF. By default, the specified firewall policy is deleted for the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Parameter | Description |
---|---|
Policy Name | Name of the existing network firewall policy for which you want to delete an associated rule in F5 BIG-IP WAF. |
Partition | Name of the network partition for which to delete the associated firewall policy rule in F5 BIG-IP WAF. By default, the rule is deleted for the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
Rule Name | Name of the rule that you want to delete from F5 BIG-IP WAF for the specified firewall policy. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
The Sample - F5 BIG-IP WAF - 1.0.0 playbook collection comes bundled with the F5 BIG-IP WAF connector. These playbooks contain steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the F5 BIG-IP WAF connector.
Apply Network Firewall Policy to Virtual Server
Create Network Firewall Policy
Create Network Firewall Policy Rule
Delete Network Firewall Policy
Delete Network Firewall Policy Rule
Get List of Network Firewall Policies
Get List of Policy Rules
Get List of Virtual Server
Update Network Firewall Policy Rule
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
The F5 BIG-IP WAF can identify and block attacks, filter, monitor, and block HTTP/S traffic, to and from a web application to protect against malicious attempts that can compromise the system or ex-filtrate data. By inspecting HTTP/S traffic, the F5 BIG-IP WAF can prevent web application attacks such as cross-site scripting, SQL injection, cookie poisoning, invalid input etc.
This document provides information about the F5 BIG-IP WAF connector, which facilitates automated interactions with an F5 BIG-IP WAF server using FortiSOAR™ playbooks. Add the F5 BIG-IP WAF connector as a step in FortiSOAR™ playbooks and perform automated operations, such as creating or deleting network firewall policy and associated rules, listing network policies and associated rules, and updating network firewall policy rules.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.12.1-253 and later
F5 BIG-IP WAF Version Tested on: 14.0.0.3-0.0.4
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-f5-big-ip-waf
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the connectors page, select the F5 BIG-IP WAF connector row, and in the Configure tab enter the required configuration details.
Parameter | Description |
---|---|
Server Address | IP address or FQDN of the F5 BIG-IP WAF server to which you will connect and perform the automated operations. |
Username | Username used to access the F5 BIG-IP WAF server to which you will connect and perform the automated operations. |
Password | Password used to access the F5 BIG-IP WAF server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Network Firewall Policy | Creates a new network firewall policy for the specified partition on F5 BIG-IP WAF based on the policy name provided. | create_policy Miscellaneous |
Create Network Firewall Policy Rule | Creates a new rule for the specified network firewall policy in F5 BIG-IP WAF. | create_policy_rule Miscellaneous |
Get List of Virtual Servers | Retrieves a list of virtual servers from F5 BIG-IP WAF. |
List_virtual_servers Investigation |
Get List of Policy Rules | Retrieves a list of rules associated with the specified network firewall policy from F5 BIG-IP WAF. | list_policy_rules Investigation |
Get List of Network Firewall Policies | Retrieves a list of network firewall policies for the specified partition from F5 BIG-IP WAF. | get_policy Investigation |
Apply Network Firewall Policy to Virtual Server | Applies or removes network firewall policy for the specified virtual server. |
apply_policy Investigation |
Update Network Firewall Policy Rule | Updates an existing rule for the specified network firewall policy on F5 BIG-IP WAF. | update_policy_rule Investigation |
Delete Network Firewall Policy | Deletes the specified network firewall policy from F5 BIG-IP WAF. | delete_policy Miscellaneous |
Delete Network Firewall Policy Rule | Deletes a rule for the specified network firewall policy from F5 BIG-IP WAF. | delete_policy_rule Miscellaneous |
Parameter | Description |
---|---|
Policy Name | Name of the network firewall policy that you want to create on F5 BIG-IP WAF. |
Partition | Name of the network partition to which to apply the new policy that you want to create on F5 BIG-IP WAF. By default, the new policy will be applied to the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
Description | Description of the new network firewall policy that you want to create on F5 BIG-IP WAF. |
The output contains the following populated JSON schema:
{
"name": "",
"kind": "",
"fullPath": "",
"description": "",
"rulesReference": {
"link": "",
"isSubcollection": ""
},
"selfLink": "",
"generation": "",
"partition": ""
}
Parameter |
Description |
Policy Name |
Name of the existing firewall policy for which you want to create the new rule in F5 BIG-IP WAF. |
Partition |
Name of the network partition to which to apply the new rule on F5 BIG-IP WAF. By default, the new rule will be applied to the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
Rule Name |
Name of the new rule that you want to create on F5 BIG-IP WAF for the specified firewall policy. |
State |
State (Enabled or Disabled) in which you want to create the new rule on F5 BIG-IP WAF. Enabled - applies the new rule to the addresses and ports specified, by default. Disabled - does not apply the new rule to the addresses and ports specified, by default. |
Protocol |
The protocol to which the new firewall policy rule will be applicable on F5 BIG-IP WAF. |
Specify Rule Position |
Specify whether you want to add the new rule at the beginning or at end of the rules list for the specified policy on F5 BIG-IP WAF. |
Action |
Select from the actions - Accept, Drop or Reject, to specify whether to accept, drop or reject the connection with the IP addresses provided in Source and/or Destination. |
Source |
Comma-separated list of source IP addresses or the range of IP addresses which the new firewall rule will be applicable on F5 BIG-IP WAF. |
Destination |
Comma-separated list of destination IP addresses or the range of IP addresses which the new firewall rule will be applicable on F5 BIG-IP WAF. |
iRule |
Specify an iRule to be applied to the new firewall policy rule on F5 BIG-IP WAF. An iRule can be started when the firewall rule matches traffic. |
iRule Sampling Rate |
Specify the frequency with which an iRule is to be triggered in the new rule, for sampling purposes on F5 BIG-IP WAF. The value you configure is one out of n times the iRule is triggered. For example, set this field to 5 to trigger the iRule one out of every five times the rule matches a flow. |
Send to Virtual Server |
Specify a virtual server to which to send the traffic that matches the iRule on F5 BIG-IP WAF. |
Service Policy |
Specify a service policy to apply to the new firewall policy rule on F5 BIG-IP WAF. A service policy collects flow timer and flow timeout features in a policy that can be applied to different contexts, and allows you to configure policies to drop traffic on a specified port when the service does not match. |
Protocol Inspection Profile |
Specify a protocol inspection profile to associate with the new firewall policy rule on F5 BIG-IP WAF. Protocol inspection profiles can be configured to run multiple inspections across different protocols. |
Classification Policy |
Specify a classification policy to associate with the new firewall policy rule on F5 BIG-IP WAF. |
Enable Logging for Rule |
Specify whether logging should be enabled or disabled for the new firewall policy rule on F5 BIG-IP WAF. |
The output contains the following populated JSON schema:
{
"name": "",
"ipProtocol": "",
"action": "",
"selfLink": "",
"generation": "",
"kind": "",
"source": {
"addresses": [
{
"name": ""
}
],
"identity": {}
},
"fullPath": "",
"log": "",
"status": "",
"destination": {},
"iruleSampleRate": ""
}
Parameter | Description |
---|---|
Policy Name | Name of the network firewall policy for which you want to retrieve the list of associated rules from F5 BIG-IP WAF. |
Partition | Name of the network partition for which to retrieve the list of associated firewall policy rules from F5 BIG-IP WAF. By default, the firewall policy rules list will be fetched for the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
The output contains the following populated JSON schema:
{
"kind": "",
"items": [
{
"kind": "",
"ipProtocol": "",
"status": "",
"selfLink": "",
"generation": "",
"name": "",
"source": {
"identity": {}
},
"fullPath": "",
"log": "",
"action": "",
"destination": {},
"iruleSampleRate": ""
}
],
"selfLink": ""
}
None.
The output contains the following populated JSON schema:
{
"kind": "",
"selfLink": "",
"items": [
{
"generation": "",
"lastModifiedTime": "",
"cmpEnabled": "",
"throughputCapacity": "",
"fwStagedPolicyReference": {
"link": ""
},
"rateLimit": "",
"mask": "",
"source": "",
"ipProtocol": "",
"poolReference": {
"link": ""
},
"partition": "",
"fwEnforcedPolicyReference": {
"link": ""
},
"translateAddress": "",
"enabled": "",
"synCookieStatus": "",
"sourcePort": "",
"fwEnforcedPolicy": "",
"rateLimitSrcMask": "",
"mirror": "",
"rateLimitDstMask": "",
"name": "",
"addressStatus": "",
"rateLimitMode": "",
"nat64": "",
"securityNatPolicy": {
"useDevicePolicy": "",
"useRouteDomainPolicy": ""
},
"kind": "",
"selfLink": "",
"connectionLimit": "",
"profilesReference": {
"link": "",
"isSubcollection": ""
},
"gtmScore": "",
"vsIndex": "",
"creationTime": "",
"fullPath": "",
"sourceAddressTranslation": {
"type": ""
},
"vlansDisabled": "",
"pool": "",
"destination": "",
"fwStagedPolicy": "",
"policiesReference": {
"link": "",
"isSubcollection": ""
},
"mobileAppTunnel": "",
"autoLasthop": "",
"serviceDownImmediateAction": "",
"translatePort": ""
}
]
}
None.
The output contains the following populated JSON schema:
{
"kind": "",
"items": [
{
"name": "",
"kind": "",
"fullPath": "",
"rulesReference": {
"link": "",
"isSubcollection": ""
},
"selfLink": "",
"generation": "",
"partition": ""
}
],
"selfLink": ""
}
Parameter |
Description |
Virtual Server Name |
Name of the virtual server to which you want to apply a network firewall policy on F5 BIG-IP WAF. |
Partition |
Name of the network partition where the virtual server belongs on F5 BIG-IP WAF. You can find the partition name for a virtual server using ‘Get List of Virtual Servers’ action. |
Enforcement |
Enables or disables the firewall policy for the specified virtual server in the Network Firewall area on F5 BIG-IP WAF. If you select Enabled, then select the firewall policy to be applied on the virtual server. If you select Disabled, then any previously applied firewall policy on the virtual server will be removed. |
Policy Name |
Name of the firewall policy that you want to apply on the specified virtual server in Enforcement, on F5 BIG-IP WAF. Note: The firewall policies defined for Common partition can also be applied to the virtual servers in other partitions. However, the policies defined for any other partitions can not be applied to the virtual servers in Common partition. |
Staging |
Enables or disables the staging of firewall policy for the specified virtual server in the Network Firewall area on F5 BIG-IP WAF. If you select Enabled, then select the firewall policy to be staged for applying on the virtual server. If you select Disabled, then any previously staged firewall policy will be removed for the virtual server. |
Policy Name |
Name of the firewall policy that you want to apply on the specified virtual server in Staging, on F5 BIG-IP WAF. Note: The firewall policies defined for Common partition can also be applied to the virtual servers in other partitions. However, the policies defined for any other partitions can not be applied to the virtual servers in Common partition. |
The output contains the following populated JSON schema:
{
"generation": "",
"connectionLimit": "",
"description": "",
"cmpEnabled": "",
"rateLimitMode": "",
"fwStagedPolicyReference": {
"link": ""
},
"vsIndex": "",
"mask": "",
"ipProtocol": "",
"source": "",
"partition": "",
"fwEnforcedPolicyReference": {
"link": ""
},
"translateAddress": "",
"policiesReference": {
"link": "",
"isSubcollection": ""
},
"enabled": "",
"lastModifiedTime": "",
"sourcePort": "",
"rateLimitSrcMask": "",
"mirror": "",
"name": "",
"addressStatus": "",
"nat64": "",
"synCookieStatus": "",
"securityNatPolicy": {
"useDevicePolicy": "",
"useRouteDomainPolicy": ""
},
"kind": "",
"selfLink": "",
"vlansDisabled": "",
"profilesReference": {
"link": "",
"isSubcollection": ""
},
"gtmScore": "",
"destination": "",
"creationTime": "",
"fullPath": "",
"fwStagedPolicy": "",
"sourceAddressTranslation": {
"type": ""
},
"rateLimit": "",
"rateLimitDstMask": "",
"fwEnforcedPolicy": "",
"throughputCapacity": "",
"mobileAppTunnel": "",
"autoLasthop": "",
"serviceDownImmediateAction": "",
"translatePort": ""
}
Parameter | Description |
---|---|
Policy Name | Name of the existing firewall policy for which you want to update the associated rule in F5 BIG-IP WAF. |
Partition | Name of the network partition for which you want to update the associated firewall policy rule on F5 BIG-IP WAF. By default, the rule will be updated for the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
Rule Name | Name of the existing rule that you want to update on F5 BIG-IP WAF for the specified policy. |
State | Update the State (Enabled or Disabled) of the specified firewall policy rule on F5 BIG-IP WAF. Enabled - applies the updated rule to the addresses and ports specified, by default. Disabled - does not apply the updated rule to the addresses and ports specified, by default. |
Protocol | The protocol to which the updated firewall policy rule will be applicable on F5 BIG-IP WAF. |
Action | Select from the actions - Accept, Drop or Reject, to specify whether to accept, drop or reject the connection with the IP addresses provided in Source and/or Destination. |
Source/Destination IP Addresses | Specify whether to add or remove the IP addresses specified in the Source and Destination. Add - adds the specified IPs to the rule being updated. Remove - removes the specified IPs from the rule being updated. |
Source | Comma-separated list of source IP addresses or the range of IP addresses that you want to add or remove from the firewall policy rule. |
Destination | Comma-separated list of destination IP addresses or the range of IP addresses that you want to add or remove from the firewall policy rule. |
iRule | Specify an iRule to be applied to the firewall policy rule on F5 BIG-IP WAF. An iRule can be started when the firewall rule matches traffic. |
iRule Sampling Rate | Specify the frequency with which an iRule is to be triggered in the firewall policy rule, for sampling purposes on F5 BIG-IP WAF. The value you configure is one out of n times the iRule is triggered. For example, set this field to 5 to trigger the iRule one out of every five times the rule matches a flow. |
Send to Virtual Server | Specify a virtual server to which to send the traffic that matches the iRule on F5 BIG-IP WAF. |
Service Policy | Specify a service policy to apply to the firewall policy rule on F5 BIG-IP WAF. A service policy collects flow timer and flow timeout features in a policy that can be applied to different contexts, and allows you to configure policies to drop traffic on a specified port when the service does not match. |
Protocol Inspection Profile | Specify a protocol inspection profile to associate with the firewall policy rule on F5 BIG-IP WAF. Protocol inspection profiles can be configured to run multiple inspections across different protocols. |
Classification Policy | Specify a classification policy to associate with the new firewall policy rule on F5 BIG-IP WAF. |
Enable Logging for Rule | Specify whether logging should be enabled or disabled for the rule you want to update on F5 BIG-IP WAF. |
The output contains the following populated JSON schema:
{
"name": "",
"ipProtocol": "",
"action": "",
"selfLink": "",
"generation": "",
"kind": "",
"source": {
"addresses": [
{
"name": ""
}
],
"identity": {}
},
"fullPath": "",
"log": "",
"status": "",
"destination": {
"addresses": [
{
"name": ""
}
]
},
"iruleSampleRate": ""
}
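The following is an added example, not part of the connector or of the original documentation: a post-update check that compares the Source and Destination values passed to the operation with the addresses in the rule returned in the schema above. The function names, the sample rule values, and the reading of an empty address list as "any address" are assumptions.

```python
import ipaddress

def _norm(entry):
    """Canonical form of one entry: single IP, CIDR block, or 'low-high' range."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range: {entry}")
        return f"{lo}-{hi}"
    net = ipaddress.ip_network(entry, strict=False)
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def parse_list(csv):
    """Parse the comma-separated Source/Destination parameter into a set."""
    return {_norm(e) for e in csv.split(",") if e.strip()}

def verify_update(rule, mode, source="", destination=""):
    """Return discrepancies between an Add/Remove request and the returned rule."""
    if mode not in ("Add", "Remove"):
        raise ValueError("mode must be 'Add' or 'Remove'")
    problems = []
    for side, csv in (("source", source), ("destination", destination)):
        wanted = parse_list(csv)
        present = {_norm(a["name"]) for a in rule.get(side, {}).get("addresses", [])}
        if mode == "Add":
            problems += [f"{side}: {ip} not in rule" for ip in sorted(wanted - present)]
        else:
            problems += [f"{side}: {ip} still in rule" for ip in sorted(wanted & present)]
            # Assumption: an empty address list matches any address, which
            # would widen the rule instead of narrowing it.
            if wanted and not present:
                problems.append(f"{side}: address list is now empty")
    return problems

# Constructed sample shaped like the output schema above (values are made up).
SAMPLE_RULE = {
    "name": "block-scanners", "action": "drop", "status": "enabled", "log": "yes",
    "source": {"addresses": [{"name": "192.0.2.10"}, {"name": "198.51.100.0/24"}],
               "identity": {}},
    "destination": {"addresses": [{"name": "203.0.113.5-203.0.113.9"}]},
}

if __name__ == "__main__":
    print(verify_update(SAMPLE_RULE, "Add", source="192.0.2.10, 192.0.2.11"))
```

An empty return list means the returned rule matches the request; any entry is a reason to stop the playbook and review the rule before relying on it.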
Parameter | Description |
---|---|
Policy Name | Name of the existing network firewall policy that you want to delete from F5 BIG-IP WAF. |
Partition | Name of the network partition for which to delete the firewall policy in F5 BIG-IP WAF. By default, the specified firewall policy is deleted for the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Parameter | Description |
---|---|
Policy Name | Name of the existing network firewall policy for which you want to delete an associated rule in F5 BIG-IP WAF. |
Partition | Name of the network partition for which to delete the associated firewall policy rule in F5 BIG-IP WAF. By default, the rule is deleted for the Common partition. Partitions are containers with administrative boundaries that you control with access permissions. |
Rule Name | Name of the rule that you want to delete from F5 BIG-IP WAF for the specified firewall policy. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
The Sample - F5 BIG-IP WAF - 1.0.0 playbook collection comes bundled with the F5 BIG-IP WAF connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the F5 BIG-IP WAF connector.
Apply Network Firewall Policy to Virtual Server
Create Network Firewall Policy
Create Network Firewall Policy Rule
Delete Network Firewall Policy
Delete Network Firewall Policy Rule
Get List of Network Firewall Policies
Get List of Policy Rules
Get List of Virtual Server
Update Network Firewall Policy Rule
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.