aFleX Tutorial

What is aFlex?

aFleX is a scripting tool that is built into the Thunder Series Server Load Balancers. aFleX is based on a standard scripting language, TCL, enabling the load balancer to perform Layer 7 deep-packet inspection (DPI). Information in the header or data portion of the packet can then be erased, changed or manipulated as needed, or the packet can be dropped or redirected based on the information.

Introduction to aFlex Scripting

Advantages of using aFleX

aFleX policies allow you to exercise more granular control of packet inspection and traffic load balancing. The benefits can be, but are not limited to:

Elements of an aFleX script



aFleX commands

Note: aFleX is extensible. In future AX software releases, additional aFleX events and aFleX commands will be added.

The list of supported Events, Operators, and Commands is available in the AX Series aFleX Reference.

aFleX configuration

aFleX configuration is done in 2 steps:

  1. Place the aFleX script on the AX device.
    • Using the CLI
      • Use a computer with any text editor to write an aFleX script and save it as a file.
      • Use the import aflex command to import the aFleX file from the computer to the AX device.
      • aFleX CLI syntax check: aflex check script-name
    • Using the WebUI
      • With the AX’s web interface, you can directly type in aFleX scripts and save them on the AX device. In the AX WebUI, navigate to Config Mode > Service > aFleX.
    • Using the aFleX Editor
      • The aFleX Editor is a separate PC application you can use to download/upload aFleX scripts from/to the AX device. Moreover, the aFleX Editor can do syntax checking. As an editor, it also has syntax highlighting, keyword auto-completion, etc.
  2. Assign the aFleX script to VIP port
    • Using the WebUI: Config Mode > Service > SLB > Virtual Server > Port
    • CLI:
      AX(config)# slb virtual-server name [ipaddr]
      AX(config-slb vserver)# port N tcp
      AX(config-slb vserver-vport)# aflex script-name

aFleX statistics are available in the WebUI or CLI:



June 14, 2018

About Paul Nicholson

Paul Nicholson brings 24 years of experience working with Internet and security companies in the U.S. and U.K. In his current position, Nicholson is responsible for global product marketing and strategy at San Jose, Calif.-based application networking and security leader A10 Networks. Prior to A10 Networks, Nicholson held various technical and management positions at Intel, Pandesic (the Internet company from Intel and SAP), Secure Computing, and various security start-ups. READ MORE