For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Apr 28, 2014

for point-1, why do you prefer positive

 

The positive security model is based on learned behavior, which when set into blocking mode produces a deny condition for anything not explicitly allowed. The negative security model is based on signatures of "known" attacks. The signature database is extremely comprehensive, but cannot possibly account for every vulnerability a specific application may suffer. You can and should use both models, but positive security should ultimately be where you get the most bang for your buck.

 

I have LTM & ASM, two types of VS (http & https).

 

As long as you are offloading the client side SSL, ASM will work.