
boneyard
Dec 06, 2013

ASM inline scanning

does anyone know if it is possible to use ASM with a general policy to scan traffic to many http servers without having to define all these as a virtual server?

with 11.4 i don't see the option to attach a policy to anything (IP forward, performance L4) except a standard virtual server.

6 Replies

  • To use ASM you have to define a standard virtual server with an HTTP profile.

    What you can do is define a wildcard virtual server listening on port 80, for example.

    Then you will be able to scan traffic going to your webservers.

  • hmmm, but that would mean connecting directly to the backend IP right? means you do lose some normal configuration.

  • No, you can define a wildcard virtual server on the external side (VLAN).

    But you will lose the pool selection based on your virtual server choice (you will have to use an iRule).

  • Hi Boneyard,

    You can follow Thomas's recommendations, but be careful regarding your ASM policy size. If you have many applications on the same policy, you will increase CPU load.

    Take care. Matt

  • thanks, yeah that sounds logical. still doesn't feel like the way forward.

  • I would seriously guard against doing this. What are you trying to achieve? ASM policy should be customized per application -- the broader and more 'generic' you get, the less valuable the tool becomes, and after a while it starts looking like your corporate firewall, and about as useful.