Forum Discussion

coa7802_177323's avatar
coa7802_177323
Icon for Nimbostratus rankNimbostratus
Nov 14, 2014

ASM deployment architecture

Hello,

 

I'm trying to find about deployment architectures for ASM but I don't find anything. I'm comparing with other solutions like securesphere, fortiweb, etc and I guess some operation modes (bridge, transparent inspection, reverse proxy, offline) and if it's posible to support fail open. But with BIG IP ASM I don't find this kind of things.

 

Can anyone help me?

 

Thank you!

 

ASM Advanced WAF
design
security

4 Replies

  • Emad's avatar
    Emad
    Icon for Cirrostratus rankCirrostratus
    Nov 15, 2014

    You can deploy ASM in staging mode, which can server the purpose same like transparent/inspection. What actually do you want to achieve.

     

  • coa7802_177323's avatar
    coa7802_177323
    Icon for Nimbostratus rankNimbostratus
    Nov 17, 2014

    Sorry Johny but I don't undersand your answer.

     

    The doubt is... ¿Can F5 ASM works in a Transparent Proxy mode? I know it works as a Reverse Proxy with LTM but, can it runs in a Transparent Proxy mode? And in a Offline (sniffer) mode?

     

    In the datasheets, knowledge base, etc I don't find anything about it.

     

    Thanks!

     

  • mimlo_61970's avatar
    mimlo_61970
    Icon for Cumulonimbus rankCumulonimbus
    Nov 17, 2014

    I would recommend talking directly to F5 sales, but to my knowledge the ASM cannot run in a sniffer mode, and does not offer a fail open option. It is an active participant in the conversation, so the options you are asking about really aren't applicable. The options you are describing are more in-line with an IDS/IPS type solution. The ASM is more like an L7 firewall. Imagine running your primary firewall as fail open or on a sniffer port, the same applies here, it just doesn't work like that.