ASM inline scanning

Question

does anyone know if it is possible to use ASM with a general policy to scan traffic to many http servers without having to define all these as a virtual server?&nbsp;
with 11.4 i don't see the option to attach a policy to anything (IP forward, performance L4) except a standard virtual server.&nbsp;

thomas_gobet · Answer

To use ASM you have to define a standard virtual server with a http profile.&nbsp;
What you can do is to define a wildcard virtual server listening on port 80 for example.&nbsp;
Then you will able to scan traffic going to your webservers.&nbsp;

boneyard · Answer

hmmm, but that would mean connecting directly to the backend IP right? means you do loose some normal configuration.&nbsp;

thomas_gobet · Answer

No you can define a wilcard virtual server on the external side (VLAN).&nbsp;
But you will loose the pool selection based on your virtual server choice (you will have to use iRule).&nbsp;

matt_dierick · Answer

Hi Boneyard,&nbsp;
You can follow Thomas recommendations but be careful regarding your ASM policy size. If you have many applications on the same policy, you will increase CPU load.&nbsp;
Take care.
Matt&nbsp;

boneyard · Answer

thanks, yeah that sounds logical. still doesnt feel like the way forward.&nbsp;

Forum Discussion

ASM inline scanning

6 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

AST Configuration Assistance

Identify which virtual servers are using a specific SSL certificate

Related Content

Introducing F5 Distributed Cloud Web App Scanning

Advanced iRules: Scan

Advanced iRules: Binary Scan

Integrating WhiteHat Scans With BIG-IP ASM

OWASP Automated Threats - OAT-014 Vulnerability Scanning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS