Can ASM signatures be downloaded (Auto/Scheduled) from another source

Question

We have some BIGIP LTM/ASM devices that cannot have access to the internet. Is it possible to host a non-internet connected server repository with copies of the ASM signatures and configure the ASM to automatically (Schedule) download these from this server as apposed to going direct to the F5 Download Site or manually downloading for each ASM.

peter_mills_697 · Answer

The next version of the BIG-IQ should be able to download and install signature updates and other incremental updates e.g. threat campaigns, whether via a proxy or direct.&nbsp;

simon_08 · Answer

So currently (v13.1.0) of Bigip ASM cannot be configured for automatic updates to any other location other than the F5 download site?&nbsp;

peter_mills_697 · Answer

https://support.f5.com/csp/article/K8217proxy1&nbsp;

simon_08 · Answer

Yes looked at this doc and only supports proxy, but no mention of configuring to download attack sigs from a customer server.  &nbsp;

boneyard · Answer

never read or heard about anyone setting that up. &nbsp;
if you have time to spare you can investigate how the F5 handles it with the public repository and build that yourself. add an entry in your DNS or use a virtual server on that IP to serve the requests. lots of work though, probably better to look into that BIG-IQ option.&nbsp;

Forum Discussion

Can ASM signatures be downloaded (Auto/Scheduled) from another source

Recent Discussions

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

AFM deny log level

History Current Connections from Local pool Traffic.

Persistent hash iRule

F5 DNS Generic Host

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

HTTP iApp - downloadable version

Downloading VE for VmWare

Python BigREST ucs save and download

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS