The BIG-IP Advanced Firewall Manager (AFM) allows you to compile and deploy rules either manually or automatically. Rules are compiled and deployed automatically by default. However, in a large configuration with many rulesets there can a large number of micro rules created by the compilation process, even when only a small number of rules are added or edited. For such configurations, it might be advantageous to compile all collected rule changes at once, manually. Once rules are compiled, they can be deployed manually or automatically. Deploying manually allows greater control over the rollout of configuration changes. These options provide a more efficient approach to managing large firewall rule sets. When manual rule compilation, manual rule deployment, or both are enabled, the AFM user interface provides feedback about the compilation and deployment status of the current ruleset.
When firewall rules are recompiled, whether automatically with a rule change, or manually with a manual compile event, the rule list or policy requires some server resources to compile. With large rule sets and deployments, even minor rule changes can cause very large recompilation events. You can view the resources used for policy compilation, either for the entire firewall or by context.
Compiler statistics are displayed on a context for several items.
Compiler statistics are displayed for several items when displayed for the entire firewall.