Forum Discussion

negin_297580's avatar
negin_297580
Icon for Nimbostratus rankNimbostratus
Jan 05, 2017

Asm methods

What are the methods of deploying in asm?  
  • Michael_Everet1's avatar
    Jan 05, 2017

    Hi Negin:

     

     

    Your question is a bit vague in terms of deployment modes. A few different ways to intrepret.

     

     

    If you are referring to how can ASM be inserted into a network topology. It can be inserted in one of two ways:

     

    1. Reverse Proxy mode, attached to a virtual server object. In most environments this is the simplest and most effective approach.

     

    2. L2 transparent bridge mode. This is for environments where ASM needs to be inserted with no other network changes allowed. More information can be found here: An

     

    ** You may find this document useful in this discussion: Key Considerations in Choosing a Web Application Firewall

     

     

    If you are referring to whether ASM can be deployed in blocking/transparent/learn mode. ASM on a per-policy basis can be configured as blocking or transparent. Then again, for individual policy elements you can determine whether you want ASM to Learn, Log, or Block.

     

     

    Finally, if you are referring to ways to build and deploy an ASM policy. ASM can be configured to build security policies in the following ways:

     

    1. Automatically, where ASM learns policy elements and automatically configures.

     

    2. Manually, you will manually define policy elements or use pre-existing templates to import. Note, even when building manually you can still configure ASM to learn these elements, and then manually deploy them to the security policy.

     

    3. Create a policy for XML or web services

     

    4. Import results from a 3rd party vulnerability scanning tool to build the security policy.

     

    ** The following devcentral article might be helpful BIG-IP ASM Part 2: Policy Building