Attack Signatures updates

Question

Should I make policy on our firewall to permit any for F5-source-IP that be used to update attack signatures or there are list of IPs could be used as repository for these updates?&nbsp;
Which recommended IP should be used for attack signature updates? mgmt IP or Self IP? &nbsp;

ashwin_venkat · Answer

Hello Mahmoud,&nbsp;
If you are having the ASM perform signature updates automatically, then that would require your BIG-IP device to have internet connectivity either via the TMM interface or management interface.  Depending on which route it takes, make sure you have the IP range and port 443 specified in this article: https://support.f5.com/csp/article/K15202 allowed through the firewall policy.&nbsp;

Forum Discussion

Attack Signatures updates

1 Reply

Recent Discussions

Ansible F5 imperative collection works with proxies, declarative collection doesn't

GSLB - Monitoring LTM VIP load balancing via iRule

Problems connecting to vpn after upgrading to ubuntu 24.04

How to Match Dynamic URI Segments in AS3

GCP F5 deployment - Active -Active with config Sync

Related Content

Live Update- ASM attack signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Are ASM Attack Signature Updates Cummulative?

Wildcard Parameter signature attack

The HTTP/2 CONTINUATION frame attack