For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jflomed_174292's avatar
jflomed_174292
Icon for Nimbostratus rankNimbostratus
Mar 21, 2017

asm practices for CPU/ memory tuning

Hi,

 

Considering an environment with standalone ASM deployment (BIG-IP 4000, 30 VS, 15 security policies without important changes for the last year), and a CPU usage between 40-45%. Will the CPU percentages increase considerably by adding features such as Anomaly detection and/or DoS protection to all security policies, while the system is not under attacks related to said features? And what would happen during an attack?

 

Thanks

 

ASM Advanced WAF
security

2 Replies

  • samstep's avatar
    samstep
    Icon for Cirrocumulus rankCirrocumulus
    Mar 29, 2017

    If you have learning enabled on ASM all the time then that does consume CPU, also anomaly detection based on on URL or client-side integrity will consume CPU.

     

    A particular hog is event correlation, check out this article:

     

    https://support.f5.com/csp/article/K22029939

     

    It is not possible to predict CPU usage under attack, depends on your policy! If you have performance concerns you should consider scaling your architecture/upgrading ASM hardware

     

  • samstep's avatar
    samstep
    Icon for Cirrocumulus rankCirrocumulus
    Mar 29, 2017

    If you have learning enabled on ASM all the time then that does consume CPU, also anomaly detection based on on URL or client-side integrity will consume CPU.

     

    A particular hog is event correlation, check out this article:

     

    https://support.f5.com/csp/article/K22029939

     

    It is not possible to predict CPU usage under attack, depends on your policy! If you have performance concerns you should consider scaling your architecture/upgrading ASM hardware