For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

OM's avatar
OM
Icon for Altocumulus rankAltocumulus
May 31, 2018

asm rejects packets with policy in transparent mode

Hi, I am loadbalancing 2 vmware security servers (gateway) for vmware client view (vdi). I have an ASM policy in transparent mode, and the requests are still getting rejected without logs. I have no ...
application delivery
ASM Advanced WAF
security
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Jun 01, 2018

So if you disable Application Security on the VS, traffic passes? And when you enable Application Security on the VS, traffic does not pass, but you get no indication that ASM is blocking requests. If the request to the application contains XML in the payload, you will need an XML profile associated with the security policy--not the virtual server. Additionally, you will need to check the learn, alarm, and block settings for XML-related violations, and probably RFC-compliance violations as well. Can you de-select the "Block" checkbox for each violation and then test traffic? Are you sure the application encoding language for your policy is correct?