F5 LTM and WAF module for the same endpoints

starboy · ‎27-Dec-2022

Hi all

I have F5 BIG-IP Hardware appliance and I have LTM and WAF module enabled and I want to use both modules and I want to ask if it is possible if I can use load balancing and WAF for the same servers and is there any design guide or consideration I mus check prior? if an resource that helps me I appreciate it.

Regards

Amine_Kadimi · ‎27-Dec-2022

This works out of the box, no worries to have. You may configure yout LTM infrastructure first to make sure everything is OK before applying the WAF policy to the VS. Standard guides for LTM and ASM are sufficient.

Technically, when you apply ASM policy to a VS a local traffic policy is assigned to the VS and takes care of handing traffic to the ASM module which then either stop the request (if configured to do so) or hand it back to the LTM module.

https://support.f5.com/csp/article/K17036

View solution in original post

Amine_Kadimi · ‎27-Dec-2022

This works out of the box, no worries to have. You may configure yout LTM infrastructure first to make sure everything is OK before applying the WAF policy to the VS. Standard guides for LTM and ASM are sufficient.

Technically, when you apply ASM policy to a VS a local traffic policy is assigned to the VS and takes care of handing traffic to the ASM module which then either stop the request (if configured to do so) or hand it back to the LTM module.

https://support.f5.com/csp/article/K17036

AlexS_yb · ‎27-Dec-2022

We have something similiar but we have APM in the mix as well.

If you are going to add APM to themix

You need to pre think what you want to happen first ASM or APM and potentially stack VS depending on those requirements.

DevCentral

F5 LTM and WAF module for the same endpoints