Forum Discussion
Steph
Oct 06, 2017Nimbostratus
Hi Chris,
I had the idea of duplicating the policy, the discipline about syncing both policy is not an issue ;) The tools on the F5 (Policy Diff) will help a lot. The concerns are more related to the business who want "One and Same" policy for both.
You are correct, there will be the internal IP range which should be in blocking mode in the first place, and the rest of the world in transparent.
There will be 2 VS pointing to the same policy : * one internal * one for the others
Using exclusion list will make the story a bit complicated. An iRule to disable ASM would take not more than 3 lines of code... instead of a "disable ASM" I could use a command to set the policy to transparent... but I can't find anything about that.