yes, I am aware of https://support.f5.com/csp/article/K22154255
But I have an ASM SyncOnly device group cause the ltm configuration differs (other datacenter/ other adressing scheme)
According to the article I have to enable a Snyc-failover group. What happens with my LTM configuration? It may synced as well, right?
How to workaround this? Why DoS and Bot Defense acting in a different way to the ASM Policy?
Thank uou in advance
You need to create a sync-only group, not a failover group because you only going to use it for sync ASM Policy.
When you create the sync only group you need to assign it to ASM in the path:
Security ›› Options : Application Security : Synchronization : Application Security Synchronization
LTM configuration will not modified objects under /Common are only synced with the sync-failover.