Hello Guys, We are configuring awaf and we need your help to get some documents for the same and explaining the benefits. Please provide any valide datas Thanks Bilal

Hi, You can also verify this article aswell- https://www.f5.com/products/big-ip-services/advanced-waf BRaswin

F5 asm/awaf | DevCentral

4 Replies

Aswin_mk
MVP
Oct 31, 2025
Hi,

You can refer to below Document which should be helpful for this query:

BIG-IP Application Security Manager: Implementations
https://techdocs.f5.com/en-us/bigip-17-0-0/big-ip-asm-implementations.html

K07359270: Succeeding with application security
https://my.f5.com/manage/s/article/K07359270

BR
Aswin
- Aswin_mk
  MVP
  Oct 31, 2025
  Hi,
  
  You can also verify this article aswell- https://www.f5.com/products/big-ip-services/advanced-waf
  
  BR
  aswin
Nikoolayy1
MVP
Nov 07, 2025
See Gartner for WAF vendors. Managers love it like you are going to a supermarket and getting 50% discount 😉
Mayur_Sutare
MVP
Nov 25, 2025
Hi saddiq_bilal

There are several advantages of using F5 AWAF (formerly ASM) to protect your F5-hosted applications and URLs. Some key benefits include:

Advanced protection against OWASP Top 10 vulnerabilities
b. Automatic threat intelligence updates to safeguard against emerging web threats
c. Comprehensive security for public-facing web applications and API gateways against both common and advanced attacks
d. Bot protection capabilities to detect and block malicious or automated bot activity
e. Application-layer DDoS protection, along with various other enhanced security features

F5 AWAF also allows highly granular security policy configuration, enabling you to tailor protections based on specific application behavior. While F5 provides extensive documentation to help you get started, I would also recommend the following best practices when planning your AWAF deployment:

Avoid enabling full blocking mode initially. Start with the policy in Learning Mode so the system can observe traffic patterns, identify potential violations, and help you distinguish between true positives and false positives.

Begin implementation in a lower environment to minimize any risk of unintended production impact.

Build the policy in phases. Blocking everything from the start may lead to unnecessary false positives. A gradual, phased approach is far more effective.

Collaborate closely with your application team. Having detailed knowledge of the application—such as expected URLs, methods, response codes, and technologies used—greatly helps in designing an accurate and effective WAF policy.

Maintain separate policies for each environment. This approach provides flexibility and ensures that changes can be safely tested in lower tiers before being applied to production.

Hope this helps!

Mayur

Forum Discussion

F5 asm/awaf

4 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

F5 ASM/AWAF Preventing unauthorized users accessing admin path using iRule script

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

F5 AWAF/ASM Fails to update OpenAPI file through REST-API

F5 BIG-IP Automatic email notification for system update events (ASM/AWAF)

Exporting and importing ASM/AWAF security policies with Ansible and Terraform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS