Forum Discussion
Chris_Grant
May 06, 2016Employee
The ASM is an HTTP web application firewall. It can scan outbound HTTP traffic so long as the traffic is not encrypted as it passes through the BigIP. It cannot scan FTP traffic. SFTP traffic is a larger problem, as it is not only FTP rather than HTTP traffic, it is encrypted, and the BigIP does not have a good way to decrypt it.
If you are trying to scan HTTP traffic being served you need to configure Dataguard. Dataguard's entire purpose in life is to get the ASM to block outbound traffic that matches sensitive data. You can read about dataguard here: https://support.f5.com/kb/en-us/solutions/public/8000/300/sol8363