Forum Discussion

saidshow_251381's avatar
saidshow_251381
Icon for Cirrostratus rankCirrostratus
Oct 26, 2016

Is it possible to Split Test ASM Policies?

Hi Guys,

 

Is it possible to split test 2 asm policies?

 

I know I cannot add more than 1 asm policy to the virtual server object, however I was wondering if it's possible in other way. One consideration that I had that is to create a second ASM policy to this one. Then to use a layer 7 policy on the LTM to direct the majority of traffic to the known and trusted policy and a small amount of traffic to the new stricter policy.

 

Is there a better way to do this? If there is no other way to do this, would the method described above work?

 

I'm using Ver 12.1.1 - are there new features I am not seeing that might allow for this?

 

Thank you

 

  • Hi,

     

    When enabling ASM policy on a virtual server, it create a LTM policy... this is the default configuration...

     

    When configuring ASM, I always create manually a LTM policy with ASM controls instead of using the automatic configuration which create a policy we can't change name.

     

    So the solution is to edit the LTM policy to add conditions and assign different ASM policy than default one.

     

    keep in mind that you can do almost everything with bigip... so do not ask if it is possible, but how to do it :-)