We have a variety of applications that each have ASM policies to protect against web attacks etc. We also have IP Intelligence enabled in monitoring mode at the moment which we will switch to blocking mode for some categories shortly.
One of the available categories in the IPI setup is "Web Attacks". I am curious as to whether there is any benefit or risk enabling this if I already have a tailored, configured ASM policy. Which takes precedence, the ASM Policy Rules or the IPI Rules if they are each running.
I expect if both the ASM Policy and IPI web attack prevention are each enabled, then the traffic would be subject to both sets of rules?
The traffic will be subject to both, however, as IPI works at the network layer then this will be triggered first, if the source IP was a known, malicious IP address, for instance.
IPI works hand in hand with the security features of both AFM and ASM and adds an extra layer of possible protections.
Hope this helps,