Forum Discussion

Nimbostratus

Jan 14, 2010

ASM - pool to be defined in http class or in VIP ?

Hi , We are having two LTMs running ASM. There are two virtual servers created one for 'http' and one for 'https' (for SSL offload). 1. When we are enabling ASM, do we ne...

app sec

BIG-IP Access Policy Manager (APM)

security

hoolio

Cirrostratus

Jan 14, 2010

The way you have it configured is secure and fine.

However, there is no security risk with having a default pool on the VIP if you only have one HTTP class with ASM enabled and no filters on that class. If you add a pool to the HTTP class, that pool will be used (and the default pool would never be used).

The only downside to that approach is that the VIP status shows as unknown because TMM only checks the VIP's default pool's state.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM - pool to be defined in http class or in VIP ?

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 XC 503 upstream_reset_before_response_started{protocol_error}

CVE mitigation on F5 XC vs classic F5 WAF

F5 mssql health monitor failing

Could not communicate with the system. Try to reload page.

UCS Encryption Question

Related Content

iRules LX Logger Class

F5 Synthesis: Software Defined Application Services

Node IP address defined as %1

Ps Rate Class

Perl Address Class

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS