We have a virtual server with SSL offloading enabled. Now application will have some wss url's which needs to be allowed through F5. F5 version running is 220.127.116.11. Will this be enabled by default or any steps to enable WSS protocol on VIP. There is also a ASM profile in block mode attached to the VIP
You must have Allowed WebSocket URLs to your ASM policy. Your policy might not have these added automatically, especially if it came from an earlier version of ASM.
Navigate to the correct partition, and then: Security > Application Security > URLs > Allowed URLs > Allowed WebSocket URLs. Ensure you have the correct policy selected from the drop down, and that there are wildcard WS/WSS URLs (or more specific ones, if you want).
Without any Allowed WebSocket URLs, websockets will be blocked by ASM.