NimbostratusWe have some BIGIP LTM/ASM devices that cannot have access to the internet. Is it possible to host a non-internet connected server repository with copies of the ASM signatures and configure the ASM to automatically (Schedule) download these from this server as apposed to going direct to the F5 Download Site or manually downloading for each ASM.
The next version of the BIG-IQ should be able to download and install signature updates and other incremental updates e.g. threat campaigns, whether via a proxy or direct.
NimbostratusSo currently (v13.1.0) of Bigip ASM cannot be configured for automatic updates to any other location other than the F5 download site?
NimbostratusYes looked at this doc and only supports proxy, but no mention of configuring to download attack sigs from a customer server.
MVPnever read or heard about anyone setting that up.
if you have time to spare you can investigate how the F5 handles it with the public repository and build that yourself. add an entry in your DNS or use a virtual server on that IP to serve the requests. lots of work though, probably better to look into that BIG-IQ option.
