Hi Zafer,
It is possible to configure a BIG-IP as a bridge from v9.4.2 onward - it will be able to bridge all non-HTTP traffic at L2, while taking a L7 tap for any traffic you wish to inspect (including doing HTTPS termination if you wish to inspect HTTPS traffic).
The configuration includes a VLAN Group to bridge traffic and then more or less specific VIPs to tap traffic depending on your requirements - there should be a document on this on AskF5 soon, if there is not already one here (and if you need the document, let me know, I'm sure we can have it published here for you).
The basic BIG-IP product should then give you the DDoS protection you require, while the ASM part will give you the HTTP inspection you are looking for.
To protect largely based on Signatures, I would recommend starting with our "Rapid Deployment Policy" in v9.4.4 and later. This will give you wildcard protection on Object Types, Objects and Parameters which will get you the signature protection you are looking for.
I would recommend ensuring you do not have Tightening enabled for too many configuration objects if you have a live environment with a great deal of traffic, as producing the tightening learning suggestions places an additional load on the product.
Does that help answer your questions?
Regards,
Aaron