Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Virtual Wires with ASM and/or HA

Hi team! Does the new feature Virtual Wires work with ASM? Can we configure a VS with ASM enabled?

Does Virtual Wires work with F5 HA?

Thanks!

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

It should, all you need is a virtual server that is able to inspect the traffic. ASM is been working in L2 virtual servers for quite a long time as far as I know.

Regarding virtual wire in HA as that is mainly L2 forwarding there will be only one path from one point to another, in case of failover the adjacent switched will need to learn about the new path through the new active big-ip, it should be automatic.

To be honest, I have not tested but I don't see HA could be a limitation for virtual wires.

0
Comments on this Answer
Comment made 14-Feb-2018 by Franco 170

Hi! Thanks for your time, I suspect ASM will not be able to block requests because in the manual is written: "This type of configuration is typically used for security monitoring, where the BIG-IP system inspects ingress packets without modifying them in any way".

Can someone please confirm?

Thanks!

0
Comment made 14-Feb-2018 by Daniel Varela 701

ASM is not aware hoy you ltm is deployed (l2, l3, virtual wire) so as far as you have a virtual server to manage traffic and you add a security policy, if the policy is in blocking then you will be blocking traffic.

I have not played with it yet but this is how it usually works on big-ip.

0
Comment made 28-Jun-2018 by THi 1154

Has anybody tested this with ASM yet?

0
Comment made 06-Jul-2018 by MEmin 58

@THi We've tested it and did not work. F5 said that it would be ok at 14 version.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Anyone tried this with version 14? Still not possible, or I made a mistake in configuration.

0
Comments on this Answer
Comment made 2 months ago by boneyard 5579

hit up support if it doesn't.

0