I have the Exchange 2016 with LTM and APM (using iApps) all working fine with APM and LTM.
Now I enable the ASM with main goal to use the Geolocation protection but is not blocking or doing anything. I do have the XFF enable and I can see in the sessions the correct source IP but the ASM is not blocking it, any idea?
You have to check "Trust XFF Header" (Trusting X-Forwarded-For headers in the BIG-IP ASM system):
Security ›› Application Security : Policy : Policy Properties then chec "Trust XFF Header".
You have here article about this functionnality:
You can also set you Geoloc restriction in APM:
K79414542: Configuring geolocation enforcement
Thanks but unfortunately this didn't work and according to the F5 the only way to have this work with Exchange was, creating 2 virtual servers one for ASM only and then fwd the traffic to the LTM/APM virtual server of Exchange and with it the ASM Geolocation was working fine.
Flow like this;
Internet IP Virtual Server with ASM Policy -> FWD Traffic to the local Virtual Server that have the APM and LTM settings for Exchange
I tried the XFF functionality but didn't work.