3.3. WAF/ASM Policy Deployment

Application Services iApp

In this lab we will deploy a Web Application Firewall policies that can be used by Application Security Manager. Be sure to review the following documentation before continuing:

3.3.1. WAF Policy Deployment via Bundled Resource

  1. Create a new deployment with the following values:

    Field Name Value
    Name Lab3.3
    Template appsvcs_integration_v2.0.003_custom
    Virtual Server: Address 10.1.20.33
    `Virtual Server: Port <AppSvcsiAp p_presoref.html# preso-pool-port> `__ 80
    Pool: Pool Table
    • Row 1:
      • Index: 0
      • Monitor(s): 0
    Pool: Members
    • Row 1:
      • Pool Idx: 0
      • IP/Node Name: 10.1.10.100
      • Port: 80
    • Row 2:
      • Pool Idx: 0
      • IP/Node Name: 10.1.10.101
      • Port: 80
    Monitor: Monitor Table
    • Row 1:
      • Index: 0
      • Name: /Common/http
    Virtual Server: Client-side L4 Protocol Profile /Common/tcp-wan-optimized
    Virtual Server: Server-side L4 Protocol Profile /Common/tcp-lan-optimized
    Virtual Server: HTTP Profile /Common/http
    Virtual Server: Bundled Items
    • Row 1:
      • Resource: asm:asm_example1
    • Row 2:
      • Resource: asm:asm_example2
    L7 Policy: Rules: Matching _
    • Row 1:
      • Group: 0
      • Operand: http-host/request/host
      • Condition: equals
      • Value: www.example1.com
    • Row 2:
      • Group: 1
      • Operand: http-host/request/host
      • Condition: equals
      • Value: www.example2.com
    • Row 3:
      • Group: default
    L7 Policy: Rules: Action
    • Row 1:
      • Group: 0
      • Target: asm/request/enable/policy
      • Parameter: bundled:asm_example1
    • Row 2:
      • Group: 1
      • Target: asm/request/enable/policy
      • Parameter: bundled:asm_example2
    • Row 3:
      • Group: default
      • Target: forward/request/reset

  2. Click the ‘Finished’ button to deploy the template and monitor the deployment log

  3. The initial objects in the Components view does not represent the final state of the deployment as detailed in Execution Flow

  4. Monitor the deployment log and wait for the postdeploy_final process to complete

  5. Review the deployed configuration using the iApp Components view

  6. Review the L7 policy that was created

3.3.2. WAF Policy Deployment via URL

  1. Click iApps -> Application Services -> Lab3.3 -> Reconfigure

  2. Modify the following values and click ‘Finished’:

    Field Name Value
    Virtual Server: Bundled Items

    • Row 3:

      • Resource:

        asm:url=http://<web server IP>/appsvcs/r

    emote_asm1.xml
    L7 Policy: Rules: Matching _
    • Row 3:
      • Group: 2
      • Operand: http-host/request/host
      • Condition: equals
      • Value: www.example3.com
    • Row 4:
      • Group: default
    L7 Policy: Rules: Action
    • Row 3:
      • Group: 2
      • Target: asm/request/enable/policy
      • Parameter: bundled:remote_asm1
    • Row 4:
      • Group: default
      • Target: forward/request/reset

  3. Click the ‘Finished’ button to deploy the template and monitor the deployment log

  4. Monitor the deployment log and wait for the postdeploy_final process to complete

  5. Review the deployed configuration using the iApp Components view

  6. Review the L7 policy that was created

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.