WAF for APM Oauth Authorization VS
Hi, We are testing the using of F5 as a OAuth Authorization Server and also a Resource Server. We have a WAF policy attached the VS representing of the Resource Server, which has an IIS server behind it. Since VS of the Auth Server will only utilize APM capabilities and won't actually have any application/web server behind it, I'm wondering if it's advised to add a WAF policy for this VS. I was told it's not necessary but I find it odd, since attackers can still try to attack the F5 itself. Any thoughts?Solved136Views0likes6Comments
Deploy BIG-IP ASM for API Application
Dears My Manager informed me that we need to configure BIG-IP LTM and ASM for API application, what is the API application for F5? Is this different in implementation from normal web application or it is the same? Can you support me with guide or implementation example? Also, if i will implement this for testbed first, Can I copy the ASM policy for production or must make the production policy in learning and transparent mode also?Solved737Views0likes4Comments