Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

WAF profile replicate


Hi All,

When we have a DR setup and we have WAF enabled in the Active site then how do we keep identical learned copy of the WAF profile on both sides? 

Usually Primary site WAF profile is matured during the time being but how do we keep the same mature profile in DR site as well? 




Hi Gayan,

This article might help you out: Syncing ASM WAF Policies Between F5 BIG-IP's in Di... - DevCentral

Have fun,


Also Terraform can be a nice way to go outside of what @Niels_van_Sluis  mentioned as it can even take in account the policy builder suggerstions:


Manage F5 BIG-IP Advanced WAF Policies with Terraform (Intro)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 1 - Policy Creation)

Scenario #5: Manage an F5 BIG-IP Advanced WAF Policy with Policy Builder on a single device


Other than that you can create the policy on BIG-IQ and distribute it to the F5 devices you want:


Deploying a web application firewall policy with c... - DevCentral (




Thanks a lot to both @Nikoolayy1  and @Niels_van_Sluis

@Niels_van_Sluis can we implement CI/CD and continuously develop based on suggestions? 

Not sure if your question about CI/CD is for me, but I think the articles that @Nikoolayy1 mentioned about Terraform come close on how to implement CI/CD. 

If you want CI/CD use terraform or AS3 Declarative WAF (you can use ansible or terraform to again push as3) and host the WAF config in github. If you want to also handle learnings with policy builder then terraform is better or you can just make your own automation by using the api to export them.

Displaying BIG-IP ASM learning suggestions using the iControl REST API (

Exercise 3.3 - Deploying a WAF policy through AS3 (


    "new_asm_policy": {
      "class": "WAF_Policy",
      "url": "",
      "ignoreChanges": true