Use one ASM policy for multiple classes?

Question

I'm trying to find out if it's possible to use the same ASM policy on multiple classes and/or Virtual Servers.

Basically I've got multiple virtual servers that I want to have the same ASM policies applied, and be able to manage one policy for all of them, instead of one policy for each.

If that's not possible, is there a way to get the attack signatures copied over when I copy a policy? Right now when I copy a policy from one class to another it puts all the attack signatures back into staging. I'd like to be able to copy the policy and have all the attack signatures already be applied instead of in staging.

I'm running v 10.2.3

hooleylist · Answer

In 10.x, there is a mapping of HTTP class to one ASM web app to one active ASM policy.  In 11.x they removed the concept of a webapp, so the mapping should be HTTP class to policy.  Regardless, you can assign the same ASM policy to multiple virtual servers using the same HTTP class.  If you want to use different HTTP class filters with the same ASM policy, you could use a single HTTP class and select it from an iRule using HTTP::class select class_name: 
&nbsp;  
&nbsp; https://devcentral.f5.com/wiki/iRules.http__class.ashx 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Use one ASM policy for multiple classes?

1 Reply

Recent Discussions

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

About custome Response Blocking Page

About IPI check ip list

Cookie Violation - Expired TimeStamp.

CGNAT with DS-lite and LSN

Related Content

Access policy, LTM policy and iRules

Manage F5 BIG-IP FAST with Terraform (Part 3 - Manage multiple AWAF policies based on HTTP criteria)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 1 - Policy Creation)

Ruby Web Accelerator Policy Switcher Class

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 5 - Working with Policy Builder)