Test the New Firewall Rules
---------------------------

Once again you will generate traffic through the BIG-IP AFM and then
view the AFM (firewall) logs.

-  Ping 10.30.0.50

-  Open a new Web browser and access http://10.30.0.50

-  Open a new Web browser and access http://10.30.0.50:8081

-  SSH to 10.30.0.50 using Web Server shortcut (PUTTY) on desktop.

In the Configuration Utility, open the **Security > Event Logs > Network
> Firewall** page.

Access for port 80 was granted to a host using the web_rule_list:
**allow_http** rule.

|image20|

Requests for port 8081, and 22 were all rejected due to the
reject_10_20_0_0 rule.

|image21|

You may verify this, by going to **Security > Network Firewall > Active
Rules**, then selecting the context for route domain 0. Note the
**Count** field next to each rule as seen below. Also note how each rule
will also provide a **Latest Matched** field so you will know the last
time each rule was matched:

|image22|

Congratulations! Day one and you’ve already saved the day. Hang on,
something isn’t right, the images Mr. Lumbergh talked about are not
populating, they look like broken links.

|image23|

Let’s refresh the web page once more and see what the logs show….

|image24|

If we follow the flow we can see the traffic to 10.30.0.50 is permitted
on port 80 however; there appears to be a second connection attempting
to open to another server, 10.40.0.50, also on port 80 (glad we put in
that reject rule and are logging all the traffic flows). Let’s look at
how this web page is written. To view the page source details, simply
**right** click anywhere on the **10.30.0.50** web page and select “view
page source”

|image25|

Very interesting, it appears there are two images and they are links to
another server which appear to be a server on the application network,
which is also a link off of the firewall. You can verify this by looking
at the network settings on the BIG-IP found under: **Network > VLANs
and/or Network > Self IPs.** To resolve, let’s create another rule list
for this network as well to keep the rule lists separated for security
reasons.

.. |image20| image:: /_static/class1/image21.png
   :width: 6.49097in
   :height: 0.70347in
.. |image21| image:: /_static/class1/image22.png
   :width: 6.48125in
   :height: 0.60208in
.. |image22| image:: /_static/class1/image23.png
   :width: 6.49097in
   :height: 1.76875in
.. |image23| image:: /_static/class1/image24.png
   :width: 2.67327in
   :height: 2.26704in
.. |image24| image:: /_static/class1/image25.png
   :width: 6.5in
   :height: 1.25903in
.. |image25| image:: /_static/class1/image26.png
   :width: 6.5in
   :height: 1.22222in