How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

Hi Logan922​, 

I saw your questions but I never found time to reply.

Answering question 3 first:
Sizing a WAF has a lot of different variables that influence the performance of a WAF. There is no definitive guide.
A couple of things I have learnt from experience or from asking F5 SEs a lot of questions:

• Checking attack signatures with regexes consumes CPU cycles, checking a lot of signatures require more CPU cycles
• Requests with lots of parameters or values in the query string are heavier on the WAF than static requests
• Requests with a LOT of HTTP headers have an impact on performance
• Data Guard can also impact performance
• Remote Logging is better for performance than on-the-box logging
• Checking Responses is also a compute intense feature in ASM

My recommendation for a proper WAF sizing is - don't guesstimate, ask someone who knows. Ask your F5 partner, ask your F5 SE.
Do a POC for the apps and APIs you want to protect.

Now for 1 and 2 - There are many ways to get such statistics.

• Qkview
• AVR
• F5 Application Study Tool

Cheers

Daniel