Q&A: What is F5 Silverline's Policy on Customer-Initiated DDoS Test Attacks?


  • DDoS Volume metric attacks?


NOTE: This refers to customer-initiated tests.

For Silverline-initiated tests see How To: Schedule Silverline-Initiated DDoS Test



  • Silverline DDoS
  • GRE Tunnels


  1. This policy document augments the posted F5 Silverline Acceptable Use Policy (AUP), located as document 49604758 via

  2.  The intend of the AUP is to prevent customers from performing actions which may interfere with the stability or Silverline services, security compliance of Silverline services, or adherence to applicable law by F5 Networks (F5).

  3. Given the nature of the services provided by F5 via the Silverline managed services, it is understood that specific clarifications of the AUP are required for customers to assess the efficacy of the provided security services. This document is intended to provide additional clarification and processes for customers to test Silverline security services.

  • Acceptable Testing:
    • Customers may initiate and perform, at their own effort and expense, the following Silverline security service testing:

      • Distributed Denial of Service (DDoS) testing against Internet Protocol (IP) network addresses or subnets which are owned or authorized in writing for use by the customer

      • DDoS testing against the IP address provided by F5 Silverline for proxy services for the customer as identified by the IP address or DNS name configured within the Silverline customer portal
      • DDoS testing sourced from IP address space owned by the customer
  •  Unacceptable Testing:
    • Customers may not perform DDoS against any F5 managed IP address or application outside of the scope of those configured for their customer account

      • For the avoidance of doubt, this includes the F5 Silverline IP address space not allocated or provisioned for the customer and the Silverline customer web-portal.

    • DDoS testing sourced from IP address ranges not owned by the customer or customer's attack vendor ("spoofed" packets) is strictly forbidden.

  • Notification Policy:

    • Customers are not expected to notify the SOC about any DDoS test they intend to execute if they intended to test the SOC's standard response to a DDoS Attack.
    • An exception to this policy is applicable if SOC resources are required as part of the test attack planned activities, such as joining a bridge during the test or providing specific custom reports at the conclusion of the test. If specific SOC participation is required, we request that: 
      • Customers notify the SOC via email to or by phone, 24-48 hrs prior the planned test attack and provide the following details:
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request