For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

14 Replies

  • MiLK_MaN's avatar
    MiLK_MaN
    Icon for Nimbostratus rankNimbostratus
    Apr 28, 2014

    ASM is an application firewall as opposed to the network based firewalls you listed from the other vendors.

     

    While they may have some IPS (Intrusion Prevention) or IDS (Intrusion Detection) capabilities, they can not truly protect your web based applications from zero day attacks. A WAF (Web Access Firewall) is the category that ASM falls into, and these technologies allow you to configure a "positive security" model where you only allow known acceptable requests from getting in as opposed to block bad requests that conform to a signature of sorts.

     

  • Mahmoud_Eldeeb_'s avatar
    Mahmoud_Eldeeb_
    Icon for Cirrostratus rankCirrostratus
    Apr 28, 2014

    it means that securing my network will be more complicated. so I have to have three levels of firewalls for each and every web application?

     

  • MiLK_MaN's avatar
    MiLK_MaN
    Icon for Nimbostratus rankNimbostratus
    Apr 28, 2014

    I've really only ever seen two levels, that being a network firewall out the front and then the WAF just behind it. This is usually done because the network firewall is the gateway to all IP traffic into a network, and the WAF is typically procured purely for HTTP based protection.

     

    Without going into your network design thoroughly, I can't comment on the three levels of firewalling.

     

  • Mahmoud_Eldeeb_'s avatar
    Mahmoud_Eldeeb_
    Icon for Cirrostratus rankCirrostratus
    Apr 28, 2014

    I mean that without WAf I have two level of firewall, now after adding WAf to my network it will be as a third firewall. I have to re-design the security based on the new resources.

     

  • MiLK_MaN_61922's avatar
    MiLK_MaN_61922
    Icon for Nimbostratus rankNimbostratus
    Apr 28, 2014

    If you were going to add a WAF to your existing network, you would do this

     

    External Firewall -> WAF -> Internal Firewall

     

  • MiLK_MaN's avatar
    MiLK_MaN
    Icon for Nimbostratus rankNimbostratus
    Apr 28, 2014

    If you were going to add a WAF to your existing network, you would do this

     

    External Firewall -> WAF -> Internal Firewall

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 28, 2014

    Don't think of a WAF in the traditional layer 3 sense of a firewall. It's intended to protect your applications at layer 7. For example, a SQL injection would look like a normal request by your average network firewall, and typically be allowed through. The only redesign you need is to insert the WAF in front of your applications, which if you already have LTM load balancing that traffic, is a service on that device.

     

    • MiLK_MaN's avatar
      MiLK_MaN
      Icon for Nimbostratus rankNimbostratus
      Apr 28, 2014
      Absolutely. You configure the ASM policy and then attach to the virtual in question. The ASM documentation will describe the steps necessary to do this.