ASM inline scanning

Question

does anyone know if it is possible to use ASM with a general policy to scan traffic to many http servers without having to define all these as a virtual server?&nbsp;
with 11.4 i don't see the option to attach a policy to anything (IP forward, performance L4) except a standard virtual server.&nbsp;

thomas_gobet · Answer

To use ASM you have to define a standard virtual server with a http profile.&nbsp;
What you can do is to define a wildcard virtual server listening on port 80 for example.&nbsp;
Then you will able to scan traffic going to your webservers.&nbsp;

boneyard · Answer

hmmm, but that would mean connecting directly to the backend IP right? means you do loose some normal configuration.&nbsp;

thomas_gobet · Answer

No you can define a wilcard virtual server on the external side (VLAN).&nbsp;
But you will loose the pool selection based on your virtual server choice (you will have to use iRule).&nbsp;

matt_dierick · Answer

Hi Boneyard,&nbsp;
You can follow Thomas recommendations but be careful regarding your ASM policy size. If you have many applications on the same policy, you will increase CPU load.&nbsp;
Take care.
Matt&nbsp;

boneyard · Answer

thanks, yeah that sounds logical. still doesnt feel like the way forward.&nbsp;

Forum Discussion

ASM inline scanning

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Scanning for CVE-2017-9841 Drops Precipitously

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Advanced iRules: Scan

Advanced iRules: Binary Scan

Integrating WhiteHat Scans With BIG-IP ASM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS