F5 ASM blacklist/whitelist vs. NIPS

Question

We have endless questions with a customer about pros/cons of a WAF and a NIPS and where to do what. I'm interest if you could share some thoughts around this and also about where to do what kind of blacklisting. Or the different features of blacklists on a WAF or on a NIPS

iheartf5_45022 · Answer

There's certainly no wrong or right answer - it depends on your circumstances.&nbsp;
If the F5 is already inline in the traffic path it is already in a position to see all traffic - all you have to do is add the ASM module and configure.  It's also going to be performing SSL offload and potentially re-encrypting so it is in a unique position to be able to see traffic contents.&nbsp;
An all-purpose NIPS either has to be inserted into the traffic path (for IPS),  or you need to use a precious SPAN session to send traffic to it (for IDS).  In addition in order to see encrypted traffic it will need to have certs added,  or be in the traffic path behind the SSL Offloader.&nbsp;
The WAF is specific to web applications whereas the NIPS will alert on all types of signatures, so it really depends on your requirements.&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

F5 ASM blacklist/whitelist vs. NIPS

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

irule execution error

Issue with TLS Version 1.1 Deprecated Protocol

can't access on prem dns when using F5LTM as a gateway

Adding logging to APM per-request policy without SWG license

Service discovery is not happening in AS3

Related Content

Global Blacklist or Whitelist

F5 asm/awaf

File Uploads and ASM

ASM LOGS

ASM/WAF Management Automation - TMOS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS