Forum Discussion

Nimbostratus

Mar 07, 2024

Need to add multiple scanner IP to ASM policy

Hello Team, In our environment we have onboarded 40+ application on F5 ASM WAF and for all application we have created individual security policy but now there is one requirement, we need to whit...

Nimbostratus

Mar 07, 2024

To: avinasheokumar1@DogNeedsBest

So if i create parent policy and add all IP in IP exception so can it will work if i add all security policy as child policy ?
is there any Impact because we have performed multiple changes in security policy as per application requirement and we do not want to touch those changes.

You can create an IP type LTM data-group and define the allowed IP/subnet values. Then you can use an iRule to check the source IP address of the incoming traffic against the data-group and allow or block it accordingly.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Need to add multiple scanner IP to ASM policy

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

ASM/AWAF declarative policy

Help with SSH Virtual Server

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

BotPoke Scanner Switches IP

Using n8n To Orchestrate Multiple Agents

Fine-Tuning F5 NGINX WAF Policy with Policy Lifecycle Manager and Security Dashboard

LTM Policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS