Forum Discussion

cmard_195831's avatar
cmard_195831
Icon for Nimbostratus rankNimbostratus
Jul 09, 2015

Management of Hosts directly attached to an F5

Hello,

 

We are faced with a problem which we did not have before the new architecture. In our new architecture, we have attached directly to the F5 Apache servers (using a switch). We need to apply patches to these machines (antivirus, application patches etc). How can this be done without affecting the ASM / LTM policies ?

 

Tx BR

 

application delivery
ASM Advanced WAF
BIG-IP Access Policy Manager (APM)
LTM
management
security

4 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 09, 2015

    You may have a few options here:

     

    1. Temporarily disable the ASM policy (and perhaps take the server out of service)

       

    2. Allow ASM to learn these traffic patterns

       

    3. Bypass ASM policy evaluation for a given set of IPs (the address of the client systems you're using to admin the servers)

       

    The third option is probably the best.

     

  • cmard_195831's avatar
    cmard_195831
    Icon for Nimbostratus rankNimbostratus
    Jul 09, 2015

    Hello,

     

    Many thanks for the answer. Can you pls advise as how the ASM policy can be by-passed, or what is the recommended way of doing so ?

     

    Tx BR

     

  • afedden_1985's avatar
    afedden_1985
    Icon for Cirrus rankCirrus
    Jul 09, 2015

    If the Servers are using the F5 as their default Gateway and you want direct access to the servers via their own IP addresses you will need An ingress forwarder Virtual and for server calls out to your infrastructure you will need a egress Forwarder for the Vlan that the servers are on.