Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

F5user13_114603's avatar
F5user13_114603
Icon for Cirrus rankCirrus
Nov 24, 2017

BIG-IP module order of operations

Hi Experts,   If I have a BIG-IP provisioned with LTM/ASM/APM/AFM what would be the sequence in which each of these modules would trigger. I am unable to find sufficient documentation correlating ...
application delivery
big-ip
LTM
Lee_Sutcliffe's avatar
Lee_Sutcliffe
Icon for Nacreous rankNacreous
Nov 24, 2017

The answer is, it depends.. and it isn't linear.

 

AFM will generally be processed first as Global rules occur before a VS is serviced. (if you have global rules configured)

 

https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-11-5-0/2.html

 

Once the VIP is processed it will side step and assess ASM and APM policies if configured, before continuing to process the rest of the VS (assuming ASM and APM policies have permitted the flow) I can't comment on which gets processed first out of ASM and APM.

 

As to seeing a document to explain this, I've not seen one either so not sure if this information is useful to you.

 

Related to this and quite useful is the iRule processing order. This is not an exhaustive list of all events but useful nonetheless:

iRule Event Order - HTTPS/SSL - Client & Server Side