Forum Discussion
Girishb401
Mar 31, 2021Nimbostratus
OK..I am not sure about that we allowed to c provision a BIG-IP ASM (new) on F5 LB.
And I also checked with F5 TAC engineer and he suggested as below
"The security scan will test the traffic all the way through the virtual server, to the pool member. Since the BIG-IP virtual server is not generating the cookie, it must be the pool member server that is generating it. Therefore, the Qualys scan would be indicating that the vulnerable component is the server, NOT the BIG-IP virtual server."
So Finally he is pointing something to check on backend server.
so I am a bit confusion what decision need to take on this