Forum Discussion
Vanvool
Nimbostratus
NimbostratusIs there a way to use multiple ASM profiles on one Virtual Server?
Hello fellow F5 users,
Currently we have ASM policies for every virtual server of our production environment already in place but they need to be reconfigured. A previous admin was a bit too gentle with accepting suggestions and we want to re-create the policies with minimal interruption/loss of functionality or security.
The manner I thought of was putting a parallel transparent ASM policy in place that just detects and learns from the traffic that flows through it so I have an understanding of said traffic and can configure the new ASM policy myself. Whilst still for the duration of the configuration of the policy I can still maintain the functionality of the old profile so the users are not interrupted and we don't have a big security risk of having just a transparent policy.
Does any of you know a way? I've searched about everywhere and didn't find any working solution. I've already tried to create a local traffic policy, containing a rule which enables asm for 2 different policies but this solution doesn't seem to work.
We are running version 12.x
TL;DR Basically the title. I'm looking for a way to use multiple parallel ASM profiles on one virtual server.
Thanks in advance!
gersbahCirrostratus
You can have multiple policies assigned via LTM rule, but request by request, it's always either/or and never both.
There's no way I know of, to have one request pass through multiple ASM instances. (except actually routing the traffic through multiple vservers)
For what it's worth, I have also been dreaming about this feature, for the same reason you mentioned.
Maybe it's possible for you to define a couple test users or corporate network IPs that you consider trusted and assign the new policy to them based on source IP?