Can I put other F5 ASM module in different physical box?

Ppp2016,

You can do both. The scenario you see less often is standalone ASM but i have absolutely seen this and there are use cases where this may be good practice. You can have a BIG-IP upstream divert only the necessary traffic to downstream ASM devices and then, depending on architecture, send them back to the original BIG-IPs or other downstream ones, with their VIP as the pool member.

It is probably less complex to have LTM and ASM on the same box in front of your web servers but there are always options.

Whilst older platforms and older TMOS versions had resource considerations when adding on multiple modules, and even had limitations on types/numbers, the new platforms and versions are a lot more flexible.

It all depends on the traffic/architecture where you are. Hopefully this gives you food for thought.

N