For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Abdulrahman_376's avatar
Abdulrahman_376
Icon for Nimbostratus rankNimbostratus
Nov 03, 2018

Checklist Of WAF<M profisinal service

Hi,   I work as an engineer in one of the agencies, We will receive two devices LTM LOUDblancer & WAF From a partner company F5   I have to check the equipment before I receive it, Is there a ...
BIG-IP
LTM
security
waf
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Nov 04, 2018

Are these hardware F5 devices that you are getting or virtual ones? Who ordered them and specified the requirements? The best way is to ask these people if configuration matched the defined requirements. If it is F5 ASM (WAF) you are getting and an external company has configured it to protect your web site/web application the best way to check if WAF protection is working is to compare penetration testing results before and after the WAF installation.

 

If you have never worked with F5 and will now be responsible for it the best way forward is to get training (instructor-led or online). More information is available here: https://www.f5.com/services/training

 

A good place to start is this article (First 30 days with F5):

 

https://devcentral.f5.com/articles/your-first-30-days-with-big-ip-24593