Forum Discussion

Nimbostratus

Jan 25, 2019

Single virtual server with multiple apps and ASM policies

We have a virtual server that has multiple apps associated with it and the traffic is being directed to the correct pools through an iRule. I need to setup some individual ASM policies for each app ...

ASM Advanced WAF

security

KeesvandenBos

MVP

Jan 27, 2019

Hi Randy,

You can assign only one ASM policy to a virtual server, not multiple.

What you could build is a layered/targeting virtual server setup. Your first virtual server will target a second "backend" virtual server instead of a pool for a specific application.

Based on host header/tls server name (use a traffic policy for this) the first virtual server will forward traffic to one of the "backend virtual servers" (Use IP addresses that the users can't reach for these virtual servers).

You can assign a ASM policy to each "backend" virtual server with the application specific security. (and a pool, application specific irules, profiles ect)

See this lightboard lesson on VIP Targeting VIP lightboard lesson

And this article for a example of the SNI routing traffic policy.

Cheers,

Kees

Forum Discussion

Single virtual server with multiple apps and ASM policies

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Auditing Security Policy Updates

Virtual server security policy

Minimizing Security Complexity: Managing Distributed WAF Policies

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire