Forum Discussion

starboy's avatar
starboy
Icon for Cirrus rankCirrus
Dec 27, 2022
Solved

F5 LTM and WAF module for the same endpoints

Hi all

I have F5 BIG-IP Hardware appliance and I have LTM and WAF module enabled and I want to use both modules and I want to ask if it is possible if I can use load balancing and WAF for the same servers and is there any design guide or consideration I mus check prior? if an resource that helps me I appreciate it.

Regards

  • This works out of the box, no worries to have. You may configure yout LTM infrastructure first to make sure everything is OK before applying the WAF policy to the VS. Standard guides for LTM and ASM are sufficient.

    Technically, when you apply ASM policy to a VS a local traffic policy is assigned to the VS and takes care of handing traffic to the ASM module which then either stop the request (if configured to do so) or hand it back to the LTM module.

    https://support.f5.com/csp/article/K17036

2 Replies

  • This works out of the box, no worries to have. You may configure yout LTM infrastructure first to make sure everything is OK before applying the WAF policy to the VS. Standard guides for LTM and ASM are sufficient.

    Technically, when you apply ASM policy to a VS a local traffic policy is assigned to the VS and takes care of handing traffic to the ASM module which then either stop the request (if configured to do so) or hand it back to the LTM module.

    https://support.f5.com/csp/article/K17036

  • We have something similiar but we have APM in the mix as well.

    If you are going to add APM to themix

    You need to pre think what you want to happen first ASM or APM and potentially stack VS depending on those requirements.