Forum Discussion
Provisioning AWAF
Hey everyone!
So I'm new to AWAF and figured I'd lab a bit with it to check out the additional features. I have generated a StrongBox license that includes it and added it to my BIG-IP VE running 13.1.1.2. However, I cannot see it under my resource provisioning page.
Now I'm thinking it is included in a separate module like for instance ASM but I'm not sure at all. There should be a difference between ASM and AWAF so I believe they should be run in two separate modules.
Do you guys have any idea? Been googling like crazy but coming up short.
- natheCirrocumulus
Philip,
Had a demo of AWAF a few weeks ago. I can confirm that the provisioned module is still ASM.
Hope this helps,
N
- hari_126827Cirrus
Hi Philip,
Please see the below link K14810: Overview of BIG-IP VE license and throughput limits
under Licensing and provisioning restrictions, there is table explaining the option modules we could adopt in single VE.
As I look into the table we could include AWAF and ASM option is mentioned as "Y"
Thanks, Hari
- hari_126827Cirrus
As per link I could see:
Base VE as ASM then AWAF will be Optional "O"
Base VE as AWAF then ASM will be included "Y"
Contacting F5 support could confirm this I guess more..with reference to K14810
- eben_259100Cirrostratus
Hi Philip,
Had a meeting with F5 system engineers and channel managers last month. And just as nathan said, AWAF will come as an add-on to ASM. So provisioning it will require an add-on license.
HTH eben.
All right, thanks for confirming it. :)
- ebenNimbostratus
Hi Philip,
Had a meeting with F5 system engineers and channel managers last month. And just as nathan said, AWAF will come as an add-on to ASM. So provisioning it will require an add-on license.
HTH eben.
All right, thanks for confirming it. :)
- Philip_Jonsson_Altocumulus
I actually went back to the licensing bits since the table states "Base VE as AWAF". I managed to find one named "WAF". So I deployed a completely new BIG-IP and used that license instead. Now I still cannot select AWAF and based on Nathans reply and my previous suspicion, I should provision the ASM module.
With only ASM provisioned, it still does not seem that I have provisioned "AWAF" since I'm not limited in terms of load balancing options. I should only be able to select this:
Load balancing methods supported:
- Round Robin
- Ratio (member)
- Ratio (node)
- Least Connections (member)
- Least Connections (node)
- Weighted Least Connection (member)
- Weighted Least Connection (node)
- Ratio Least Connection (member)
- Ratio Least Connection (node)
I got the following options:
Here is the new license:
So this does not have anything related to LTM. This does not make any sense haha
- natheCirrocumulus
A BIG-IP licensed just for ASM had limitations on what LTM functions you could use. My understanding is that with AWAF you get 95% of the LTM functionality. There was one key feature you didn't get without LTM too, but I can't recall. Essentially a customer can move from LTM+ASM to AWAF only without any impact.
- Philip_Jonsson_Altocumulus
But the strange thing is that I should be not allowed to use Observed LB method amongst some other but they still appear in both BIG-IPs. One running a Web Application Firewall license with only ASM provisioned and a BIG-IP LTM license running only ASM.
- natheCirrocumulus
Hey Philip, not sure I follow, what do you mean by "i should not be allowed to use Observerd LB method"? Do you mean with AWAF? I understand AWAF is now pretty much on parity as LTM+ASM so, rather than license/provision LTM+AWAF you can just license/provision AWAF and get all the LTM goodness too.
- Philip_Jonsson_Altocumulus
Yeah, that is exactly what I mean. I got the impression that AWAF has many features from the LTM but not all of them and the load-balancing bits are quick way of detecting that. I found the following article, specifying that additional load balancing methods have been added:
Load Balancing: No limit on IP pool members number
Load balancing methods supported:
- Round Robin
- Ratio (member)
- Ratio (node)
- Least Connections (member)
- Least Connections (node)
- Weighted Least Connection (member)
- Weighted Least Connection (node)
- Ratio Least Connection (member)
- Ratio Least Connection (node)
Persistency:
- Cookie Persistency
- Source Address
- Host
- Destination Address
Release Note: BIG-IP 13.1.0 New Features and Installation
I have not seen an article where they have added Observed, Fastest or Predictive so naturally they should not be available in AWAF. I have tried both ASM provisioned BIG-IP with an AWAF license and an ASM priovisioned BIG-IP formed out from an LTM license with best bundle upgrade and additional AWAF license.
When checking persistence I have all options available as well. So it feels pretty odd and like I'm using a regular LTM box.
Both BIG-IP systems are running 13.1.1.2 and release notes in 13.1.1.2 does not specify anything different. So it feels like I'm running a full LTM with only AWAF/ASM provisioned and it does not seem right according to the documentation.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com