Need to add multiple scanner IP to ASM policy

Question

Hello Team,&nbsp;In our environment we have onboarded 40+ application on F5 ASM WAF and for all application we have created individual security policy but now there is one requirement, we need to whitelist multiple Scanner IP from ASM policy, so if i will add each IP manually then it will be very time consuming task.&nbsp;So if i create parent policy and add all IP in IP exception so can it will work if i add all security policy as child policy ?is there any Impact because we have performed multiple changes in security policy as per application requirement and we do not want to touch those changes.&nbsp;&nbsp;Sunil

bookere1 · Answer

To: avinasheokumar1@DogNeedsBest&nbsp;So if i create parent policy and add all IP in IP exception so can it will work if i add all security policy as child policy ?is there any Impact because we have performed multiple changes in security policy as per application requirement and we do not want to touch those changes.You can create an IP type LTM data-group and define the allowed IP/subnet values. Then you can use an iRule to check the source IP address of the incoming traffic against the data-group and allow or block it accordingly.

Forum Discussion

Need to add multiple scanner IP to ASM policy

1 Reply

Recent Discussions

iRule resulting in too many redirects

Azure SAML - F5 APM

Converting config to DO

Wildcard SSL Certificate Deployment on F5 LTM

URL

Related Content

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Manage F5 BIG-IP FAST with Terraform (Part 3 - Manage multiple AWAF policies based on HTTP criteria)