asm practices for CPU/ memory tuning

Question

Hi,&nbsp;
Considering an environment with standalone ASM deployment (BIG-IP 4000, 30 VS, 15 security policies without important changes for the last year), and a CPU usage between 40-45%. Will the CPU percentages increase considerably by adding features such as Anomaly detection and/or DoS protection to all security policies, while the system is not under attacks related to said features?
And what would happen during an attack?&nbsp;
Thanks&nbsp;

samstep · Answer

If you have learning enabled on ASM all the time then that does consume CPU, also anomaly detection based on on URL or client-side integrity will consume CPU. &nbsp;
A particular hog is event correlation, check out this article:&nbsp;
https://support.f5.com/csp/article/K22029939&nbsp;
It is not possible to predict CPU usage under attack, depends on your policy!
If you have performance concerns you should consider scaling your architecture/upgrading ASM hardware&nbsp;

samstep · Answer

If you have learning enabled on ASM all the time then that does consume CPU, also anomaly detection based on on URL or client-side integrity will consume CPU. &nbsp;
A particular hog is event correlation, check out this article:&nbsp;
https://support.f5.com/csp/article/K22029939&nbsp;
It is not possible to predict CPU usage under attack, depends on your policy!
If you have performance concerns you should consider scaling your architecture/upgrading ASM hardware&nbsp;

Forum Discussion

asm practices for CPU/ memory tuning

2 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

AS3 Best Practice

Memory Safety: CISA and NSA guidance on CWE-1399

F5 Certified Practice Exams

Cipher Suite Practices and Pitfalls

Tuning the TCP Profile, Part One