Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Mohammed_87's avatar
Mohammed_87
Icon for Nimbostratus rankNimbostratus
May 03, 2026

Best Practice guide for enabling Attack signature In BIG-IP ASM

Team,

I am newbee to F5 ASM.  What are the factors needs to consider before enabling the attach signature set ?
Which signature sets need to consider enabling ?


 

1 Reply

  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    May 09, 2026

    Before working with F5 I suggest passing their training for ASM/AWAF as they have instructor or on-demand options.

    https://www.f5.com/learn/training

     

    Sorry but for more than just supporting/operations that is the best path.

     

    For basic knowledge you can see 

    https://my.f5.com/manage/s/article/K73819494 and 

    https://www.youtube.com/@f5networkswwfieldenablemen226 

     

     

    Outside of that you will need the developers to help as to tell you which server technologies are used or a staging environment where you can use the "Auto Detection" option for F5 to find them by seeing the request/responses. 

    https://my.f5.com/manage/s/article/K000134827 

     

    If the app is critical you may need to add low signatures but if not better have just medium or high as to be able to support it in the future. Also for not much experienced engineers better have automatic policy builder and configure trusted ip jump host where the developers can log in and connect to the app, so that false positives are cleared in a fast way. 

     

    But as I said before deploying new waf policy you will need to build F5 AWAF knowledge and work with the developers.