Need to add multiple scanner IP to ASM policy

Question

Hello Team,&nbsp;In our environment we have onboarded 40+ application on F5 ASM WAF and for all application we have created individual security policy but now there is one requirement, we need to whitelist multiple Scanner IP from ASM policy, so if i will add each IP manually then it will be very time consuming task.&nbsp;So if i create parent policy and add all IP in IP exception so can it will work if i add all security policy as child policy ?is there any Impact because we have performed multiple changes in security policy as per application requirement and we do not want to touch those changes.&nbsp;&nbsp;Sunil

bookere1 · Answer

To: avinasheokumar1@DogNeedsBest&nbsp;So if i create parent policy and add all IP in IP exception so can it will work if i add all security policy as child policy ?is there any Impact because we have performed multiple changes in security policy as per application requirement and we do not want to touch those changes.You can create an IP type LTM data-group and define the allowed IP/subnet values. Then you can use an iRule to check the source IP address of the incoming traffic against the data-group and allow or block it accordingly.

Forum Discussion

Need to add multiple scanner IP to ASM policy

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Manage F5 BIG-IP FAST with Terraform (Part 3 - Manage multiple AWAF policies based on HTTP criteria)

Add or delete a parameter from multiple ASM policy or modify multiple ASM policy via API (iControlREST)

Access policy, LTM policy and iRules

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

Evaluate WAF Policy with BIG-IQ Policy Analyzer

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS