How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

Question

Hi everyone,I’m running BIG-IP VE with LTM + Advanced WAF (ASM) and I’m planning a license upgrade (e.g., 200 Mbps to 1 Gbps). Before upgrading, I want to measure the real WAF throughput on the currently running VM, ideally:Per virtual server (VIP)And, if possible, per ASM/AWAF security policy&nbsp;Questions:1- Is there a supported way to get throughput (Mbps/Gbps) per ASM/AWAF security policy (not just per VIP), either from GUI, tmsh?2- If per-policy throughput isn’t available, is VIP throughput the recommended proxy for WAF throughput (since the policy is attached to that VIP)?3- For sizing/licensing discussions, should throughput be considered request-only or request + response (bidirectional)

melissa_c · Answer

Hello Logan922​&nbsp;
I see there was no response to your questions and wanted to check if you were able to get an answer outside of DevCentral? If so would you be able to provide an update to your post, or if not let us know and we can find what options we have available to try to get your questions answered.&nbsp;
Thank you for posting to our community.&nbsp;
-Melissa&nbsp;

daniel_wolf · Answer

Hi Logan922​,&nbsp;
I saw your questions but I never found time to reply. Answering question 3 first:Sizing a WAF has a lot of different variables that influence the performance of a WAF. There is no definitive guide.A couple of things I have learnt from experience or from asking F5 SEs a lot of questions:

Checking attack signatures with regexes consumes CPU cycles, checking a lot of signatures require more CPU cycles
Requests with lots of parameters or values in the query string are heavier on the WAF than static requests
Requests with a LOT of HTTP headers have an impact on performance
Data Guard can also impact performance
Remote Logging is better for performance than on-the-box logging
Checking Responses is also a compute intense feature in ASM

My recommendation for a proper WAF sizing is - don't guesstimate, ask someone who knows. Ask your F5 partner, ask your F5 SE.Do a POC for the apps and APIs you want to protect.
Now for 1 and 2 - There are many ways to get such statistics.

Qkview
AVR
F5 Application Study Tool

Cheers
Daniel

Forum Discussion

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

SSL cipher

CPU utilization of F5OS on r2600

F5OS VLAN naming length restrictions

iApps with load ucs Platform-migrate on newer hardware

Raise your hand if you'll be at AppWorld 2026

Related Content

Securing GraphQL with Advanced WAF declarative policies

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Intro)

From ASM to Advanced WAF: Advancing your Application Security

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 1 - Policy Creation)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 2 - Policy Import)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS