Forum Discussion

Marcos_Gaspar_G
Mar 15, 2019

f5 BIG-IP working as IPS

Hello all


I would like to know if somebody has ever tried to make a BIG-IP appliance work as an IPS solution, in order to replace, for example, any of the solutions in Gartner's IPS leaders' quadrant... I would think we are not able to do so, but I think I heard somebody say that we can... could you please help me with this doubt? Thanks in advance!!


2 Replies

  • ASM can be used as a Layer 7-only IPS (HTTP-based intrusions on ports 80/443). It will not cover lower layers, protocols other than HTTP/HTTPS, or things like protocol tunneling, etc.


  • AFM has an IPS now, Protocol Inspection. It provides protocol compliance checks that implement a positive security model (the traffic must match or it is alerted/dropped/rejected), and signatures that implement a negative security model (matching traffic generates alerts/is dropped or rejected). The signatures implement a subset of the Snort rules language syntax, but the matching engine is different. There's a subscription service available for updated signatures, and users can write their own custom signatures. Custom signatures are a pain due to some validation bugs, but they show a lot of promise.


    As a drop-in replacement for an industry-leading IPS, it's probably not viable at this point. As an enhancement where there's already a BIG-IP, yeah, it could completely avoid the need to add another device.
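To make the positive-model / negative-model distinction in the reply above concrete, here is an added toy inspection engine in Python. It is not BIG-IP AFM code and not from anyone in this thread: the Snort-style rule subset it parses (header, `msg`, `content`, `nocase`, `sid`), the HTTP compliance checks it applies, the rules and the sample requests are all constructed for illustration.

```python
"""Toy protocol-inspection engine (added illustration, not BIG-IP code).

Positive model: an HTTP compliance check; traffic that does not look like
well-formed HTTP is a violation and is dropped.
Negative model: signatures in a small, assumed subset of Snort rule syntax;
traffic that matches a signature is alerted, dropped or rejected.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Rule:
    action: str                    # alert | drop | reject
    proto: str
    dport: str                     # destination port or "any"
    msg: str
    sid: int
    contents: list = field(default_factory=list)   # [(pattern bytes, nocase), ...]


# Assumed subset: "<action> <proto> <src> <sport> -> <dst> <dport> (options)"
_HEADER = re.compile(
    r"^(?P<action>alert|drop|reject)\s+(?P<proto>\w+)\s+\S+\s+\S+\s*->\s*\S+\s+"
    r"(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def parse_rule(text: str) -> Rule:
    """Parse one rule; only msg/content/nocase/sid options are understood."""
    m = _HEADER.match(text.strip())
    if not m:
        raise ValueError(f"unparsable rule: {text!r}")
    rule = Rule(m["action"], m["proto"].lower(), m["dport"], msg="", sid=0)
    for opt in m["opts"].split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "content":
            rule.contents.append((val.encode(), False))
        elif key == "nocase" and rule.contents:       # modifies the preceding content
            pat, _ = rule.contents[-1]
            rule.contents[-1] = (pat, True)
        elif key == "sid":
            rule.sid = int(val)
    if rule.sid == 0 or not rule.contents:
        raise ValueError("rule needs a sid and at least one content")
    return rule


_REQUEST_LINE = re.compile(rb"^(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/(?P<ver>1\.[01])\r\n")
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}


def http_compliance(payload: bytes) -> list:
    """Positive model: return every way the payload fails to be well-formed HTTP."""
    violations = []
    if b"\x00" in payload:
        violations.append("NUL byte in request")
    m = _REQUEST_LINE.match(payload)
    if not m:
        violations.append("request line is not HTTP/1.x")
        return violations
    if m["method"] not in ALLOWED_METHODS:
        violations.append(f"method {m['method'].decode()} not permitted")
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        violations.append("headers not terminated by CRLFCRLF")
    headers = head.split(b"\r\n")[1:]
    for h in headers:
        if b":" not in h:
            violations.append(f"malformed header line {h[:20]!r}")
    if m["ver"] == b"1.1" and not any(h.lower().startswith(b"host:") for h in headers):
        violations.append("HTTP/1.1 request without Host header")
    return violations


def signature_hits(payload: bytes, dport: int, rules: list) -> list:
    """Negative model: rules whose port matches and whose contents all occur."""
    lowered = payload.lower()
    hits = []
    for r in rules:
        if r.dport != "any" and int(r.dport) != dport:
            continue
        if all((pat.lower() in lowered) if nocase else (pat in payload)
               for pat, nocase in r.contents):
            hits.append(r)
    return hits


def inspect(payload: bytes, dport: int, rules: list) -> dict:
    """Combine both models; the most severe outcome wins."""
    violations = http_compliance(payload)
    hits = signature_hits(payload, dport, rules)
    if any(r.action == "reject" for r in hits):
        verdict = "reject"
    elif violations or any(r.action == "drop" for r in hits):
        verdict = "drop"
    elif hits:
        verdict = "alert"
    else:
        verdict = "pass"
    return {"verdict": verdict, "violations": violations, "sids": [r.sid for r in hits]}


# Constructed rules and traffic for the demonstration.
RULES = [parse_rule(r) for r in [
    'alert tcp any any -> any 80 (msg:"Directory traversal in URI"; content:"../"; sid:1000001;)',
    'drop tcp any any -> any 80 (msg:"Read of /etc/passwd"; content:"/etc/passwd"; nocase; sid:1000002;)',
]]
SAMPLES = {
    "clean": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "traversal": b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "not_http": b"SSH-2.0-OpenSSH_8.9\r\n",          # wrong protocol on the HTTP port
    "no_host": b"GET / HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, inspect(payload, 80, RULES))
```

The "not_http" sample shows the value of the positive model: no signature names SSH, yet it is dropped because it is not HTTP. The "traversal" sample shows the negative model: the request is perfectly well-formed HTTP and passes compliance, and only the signatures catch it. Note that a real engine parses content modifiers (offset, depth, hex escapes) that this subset ignores.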