Forum Discussion

yosry92_331999's avatar
yosry92_331999
Icon for Nimbostratus rankNimbostratus
Jan 01, 2018

What is the maximum count of entities can asm policy have?

What is the maximum count of entities can asm policy have? is there a limit or it's unlimited?

 

  • ...version 12.1.2 i mean url entites

    This is undocumented so I had to test. Used VIM to create a ton of dummy

    Allowed URLs
    , and imported ASM policy as XML. No problems encountered at 5312 (when I stopped my tests). In practice, it's highly unlikely anything less than 8192 is the limit. Regardless of the exact number, this is more than enough. You never define more than around 100 Allowed URLs per policy. Even at 50 URLs it makes sense to use some wildcards. After 100, it makes sense to turn the tables and go with a negative security model (you define what is NOT allowed)

    For reference, my test Screenshot

6 Replies

  • This is different across entities, and also different across BigIP ASM software versions. What version and what entity in particular?

     

  • ...version 12.1.2 i mean url entites

    This is undocumented so I had to test. Used VIM to create a ton of dummy

    Allowed URLs
    , and imported ASM policy as XML. No problems encountered at 5312 (when I stopped my tests). In practice, it's highly unlikely anything less than 8192 is the limit. Regardless of the exact number, this is more than enough. You never define more than around 100 Allowed URLs per policy. Even at 50 URLs it makes sense to use some wildcards. After 100, it makes sense to turn the tables and go with a negative security model (you define what is NOT allowed)

    For reference, my test Screenshot

  • ...version 12.1.2 i mean url entites

    This is undocumented so I had to test. Used VIM to create a ton of dummy

    Allowed URLs
    , and imported ASM policy as XML. No problems encountered at 5312 (when I stopped my tests). In practice, it's highly unlikely anything less than 8192 is the limit. Regardless of the exact number, this is more than enough. You never define more than around 100 Allowed URLs per policy. Even at 50 URLs it makes sense to use some wildcards. After 100, it makes sense to turn the tables and go with a negative security model (you define what is NOT allowed)

    For reference, my test Screenshot