Aug 09, 2018

LTM/ASM Stacking Policies - BIG-IP 12.1.2

Hey all,


I believe it was asked in the past (I found a few articles from years ago), but wanted to ask again. Looking to possibly get LTM policy to have stacked ASM policies. Ideally, would like traffic to be routed through each one, as using the filters would essentially drop out necessary traffic.


Concept is as follows:

- All traffic flows through a limited block ASM policy (only specific attack signatures/items/etc.)
- All traffic that isn't blocked previously flows through another transparent ASM policy for monitoring purposes (includes other attack signatures, other items for traffic learning, etc.)


And so on; essentially, if traffic is not blocked or stopped by the previous specific policy, it would move to the next one or a broader policy. Any thoughts or setup ideas?


  • Simply upgrade to v13.x as F5 ASM has support for Layered policies from v13.0.


    If you are stuck with v12.1 then it is a bit tricky but still possible - basically you will have 2 virtual servers - one with the base policy and another with the elevated one, and you will need to write an iRule which will use the "virtual" iRule command to forward traffic from one VIP to another.
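
A sketch of the two-virtual-server arrangement described in the answer above, added here as an example and not taken from the thread. The virtual server names `vs_app_block` and `vs_app_monitor` are hypothetical, and the layout (blocking policy on the client-facing virtual server, transparent policy and pool on the second) is an assumption based on the question.

```tcl
# Added example, not from the original thread. Assumed layout:
#   vs_app_block   (hypothetical) client-facing virtual server with the
#                  limited blocking ASM policy and this iRule attached.
#   vs_app_monitor (hypothetical) second virtual server with the
#                  transparent ASM policy and the application pool.
# Keep vs_app_monitor unreachable directly from clients (for example by
# not enabling it on any client-facing VLAN); otherwise traffic can reach
# the application without passing the blocking policy.
when HTTP_REQUEST {
    # Send the request to the second virtual server instead of a pool.
    if { [catch { virtual /Common/vs_app_monitor } err] } {
        # Fail closed if the virtual command raises an error, rather
        # than letting the request go anywhere unintended.
        log local0.error "ASM stacking: forward to vs_app_monitor failed: $err"
        HTTP::respond 503 content "Service unavailable"
    }
}
```

Requests then show up in the event logs of both ASM policies, so compare the two logs when tuning signatures to confirm each layer is seeing the traffic you expect.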