F5 VE WAF FINE TUNING

Hi everyone,

I am currently hardening a security setup involving two independent, standalone F5 BIG-IP virtual instances, each running its own WAF policy. Since there is no device group or synchronization (configsync) between these units, I am looking for advice on maintaining configuration consistency and ensuring best practices for this specific deployment.

To enhance our security posture, I am planning to implement the following on both instances:

Phase 1: VM and General System Settings: Establishing a secure baseline for the virtual machines and core system configurations.

Phase 2: LTM Review and Control: Auditing and hardening the Local Traffic Manager settings, including SNAT pool configurations and traffic isolation.

Phase 3: WAF and Advanced Settings: Refining WAF policies, implementing strict HTTP protocol compliance, and applying granular iRules for threat mitigation.

Since this is a standalone, non-clustered environment, I am particularly interested in any recommendations for avoiding "configuration drift" between the two instances. Are there specific workflows or automation strategies you suggest for ensuring parity between these two units during these three phases?