Forum Discussion
Cirrusenabling ASM on VS requires Websecurity module (11.5.1)
Hi,
I have a question about the security module. I want to enable a ASM policy with ASM::enable POLICY1, but the system says
ASM::enable in rule (/Common/Irulexxx) requires an associated WEBSECURITY profile on the virtual server VIPxxx.
Can you see it as an default ASM policy?
Does it have to be the same ASM policy like in the irule?
What is, if I use multiple ASM policies in the Irule? You can only set one ASM policy in the VS.
thx.
2 Replies
Tortiomg, it automatically creates a ltm policy, if you attach a ASM policy :-o Is there no way to work without a LTM policy?
David_RemingtonEmployee
Torti,
Think of the LTM policy and the associated ASM policy in the same way as you think of a default pool on a virtual server.
The policy set in the LTM policy automatically created by ASM and attached to the virtual server is the one that will be used for all requests that you do NOT send to a different policy in your iRule. This is just like putting a default pool on a virtual server, but retaining the ability to choose a different pool based on URI or whatever in an iRule.
Note that if you are doing simple mapping of hostname/uri->ASM Policy you can add those conditions to LTM policies to use that mechanism instead of an iRule.
iRule is obviously more flexible so if you want to leverage iRules that works too, using ASM::policy and ASM::disable as needed based on URI or whatever.
