Forum Discussion
ASM and TCP based applications
Hello, I am not an F5 expert, but am asking on behalf of a customer. I am trying to find the following:
Can ASM be leveraged to inspect application traffic when the application is using a TCP (not HTTP) based access policy? If so, is this out of the box or is there special configuration required? The customer is using Big-IP using F5 for reverse proxy and SSL offload.
Any help would (and links) would be greatly appreciated.
Thanks, Marcus
Hello,
ASM is a Web application firewall and is dedicated to the protection of web apps.
You can use the ASM license to protect smtp and ftp services.
If you have a custom TCP app, you have better to go with LTM, irules and IP Intelligence (ip reputation db)
You can find info on devcebtral and askf5.f5.com
- Yann_Desmarest_Nacreous
Hello,
ASM is a Web application firewall and is dedicated to the protection of web apps.
You can use the ASM license to protect smtp and ftp services.
If you have a custom TCP app, you have better to go with LTM, irules and IP Intelligence (ip reputation db)
You can find info on devcebtral and askf5.f5.com
- Marcus_SpitzmilNimbostratusThanks a lot for the quick response. In this case it actually is a web app using websockets, which require a TCP based access policy. I am assuming this does not change your answer? Please confirm, then I'll mark your answer. Thanks! Marcus
- Erik_Novak_2712Historic F5 AccountThe upcoming ASM v12.1 supports WebSocket applications. The standard TCP profile must be used on the virtual server, and then you add a WebSocket profile. Automatic configuration of WebSocket URLs is also configurable.
- Yann_Desmarest_NacreousHi, Websocket is currently supported using LTM only. As Erik mentioned, you need to wait for the 12.1.0 to be released
Hello,
ASM is a Web application firewall and is dedicated to the protection of web apps.
You can use the ASM license to protect smtp and ftp services.
If you have a custom TCP app, you have better to go with LTM, irules and IP Intelligence (ip reputation db)
You can find info on devcebtral and askf5.f5.com
- Marcus_SpitzmilNimbostratusThanks a lot for the quick response. In this case it actually is a web app using websockets, which require a TCP based access policy. I am assuming this does not change your answer? Please confirm, then I'll mark your answer. Thanks! Marcus
- Erik_Novak_2712Historic F5 AccountThe upcoming ASM v12.1 supports WebSocket applications. The standard TCP profile must be used on the virtual server, and then you add a WebSocket profile. Automatic configuration of WebSocket URLs is also configurable.
- Hi, Websocket is currently supported using LTM only. As Erik mentioned, you need to wait for the 12.1.0 to be released
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com