Traffic interruption by ASM policy exchange?

Question

Hello,&nbsp;
I need to exchange some existing ASM policies. Some are modifiable via the security options section of the virtual server, some need to be changed by creating a draft of an L7 policy (auto asm policy) and publishing it (security options section shows "Manual Configuration").&nbsp;
Does any of these two methods interrupt traffic?&nbsp;
Thanks in advance,
Kind regards&nbsp;

youssef1 · Answer

Hi,&nbsp;
F5 ASM don't interrupt traffic therefore you need to be careful about type of policy. Because some kind of policy are in blocking mode. And can impact production by blocking legitimate traffic...&nbsp;
let me now if you need details.&nbsp;

erik_novak · Answer

With regard to transparent policies, there can be an impact on traffic if you are using threat mitigations which mask characters (Data Guard), or inject JavaScript into an HTTP response including brute force protection, bot defense, web scraping, persistent device tracking, and L7 DoS protection. There will be activity associated with these defenses even if the policy is transparent mode--remember that a DoS profile for example, works with or without an ASM policy.

Forum Discussion

Traffic interruption by ASM policy exchange?

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

BIG-IQ statistics in dashboard missing/interrupted

fellow traffic

Exchange 2016

MS Exchange ProxyNotShell block implemented via iRules

Block traffic