Web Attacks in IP Intelligence Vs ASM Policy

Question

Hi,&nbsp;
We have a variety of applications that each have ASM policies to protect against web attacks etc. We also have IP Intelligence enabled in monitoring mode at the moment which we will switch to blocking mode for some categories shortly. &nbsp;
One of the available categories in the IPI setup is "Web Attacks". I am curious as to whether there is any benefit or risk enabling this if I already have a tailored, configured ASM policy. Which takes precedence, the ASM Policy Rules or the IPI Rules if they are each running. &nbsp;
I expect if both the ASM Policy and IPI web attack prevention are each enabled, then the traffic would be subject to both sets of rules?&nbsp;
Thank you.&nbsp;

nathe · Answer

saidshow&nbsp;
The traffic will be subject to both, however, as IPI works at the network layer then this will be triggered first, if the source IP was a known, malicious IP address, for instance.&nbsp;
IPI works hand in hand with the security features of both AFM and ASM and adds an extra layer of possible protections.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

Web Attacks in IP Intelligence Vs ASM Policy

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

The Power of IP Intelligence (IPI)

Enriching AFM with public domain Threat Intelligence

About IP intelligence

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

IP-Intelligence and IP-Shunning