Forum Discussion

Logan922's avatar
Logan922
Icon for Nimbostratus rankNimbostratus
Jan 10, 2026

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

Hi everyone, I’m running BIG-IP VE with LTM + Advanced WAF (ASM) and I’m planning a license upgrade (e.g., 200 Mbps to 1 Gbps). Before upgrading, I want to measure the real WAF throughput on the cur...
application delivery
security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jan 29, 2026

Hi Logan922​

I saw your questions but I never found time to reply.

Answering question 3 first:
Sizing a WAF has a lot of different variables that influence the performance of a WAF. There is no definitive guide.
A couple of things I have learnt from experience or from asking F5 SEs a lot of questions:

  • Checking attack signatures with regexes consumes CPU cycles, checking a lot of signatures require more CPU cycles
  • Requests with lots of parameters or values in the query string are heavier on the WAF than static requests
  • Requests with a LOT of HTTP headers have an impact on performance
  • Data Guard can also impact performance
  • Remote Logging is better for performance than on-the-box logging
  • Checking Responses is also a compute intense feature in ASM

My recommendation for a proper WAF sizing is - don't guesstimate, ask someone who knows. Ask your F5 partner, ask your F5 SE.
Do a POC for the apps and APIs you want to protect.

Now for 1 and 2 - There are many ways to get such statistics.

  • Qkview
  • AVR
  • F5 Application Study Tool

Cheers

Daniel