Comparing F5 Advanced WAF and BIG-IP ASM

I’ve worked with F5 LTM, APM, ASM and DNS. I think the first one, LTM, is the most used because it’s really powerful and really easy to use. The ASM and APM modules are also interesting for protecting web applications and connecting to virtual private networks. They are increasingly used. The DNS and even AFM modules are also used, but less than the main modules such as LTM, APM and ASM. What’s really interesting is that all of them are easy to use. The GUI is friendly. However, there is a new module we have to know. I think F5 Advanced WAF is the module that will come to replace F5 ASM.

On one hand, we can protect web applications with F5 ASM from the beginning of the installation. We can start creating a basic security policy with attack signatures and protocol compliance. This simple policy is enough for protecting web applications against 90% of attacks. However, we can also improve the security policy with bot protection, XXE protection, CSRF protection, etc. The more you use your WAF, the better your security policies will be!

Another interesting protection technique for most web applications is L7 DDoS protection. DDoS attacks are very difficult to block. For instance, UDP flooding attacks can use all your bandwidth, and your services will be inaccessible. It’s nearly impossible to stop this attack. However, there are many other DDoS attacks which can be blocked with L7 DDoS protections. For instance, lots of small requests from malicious users who want to consume all the resources of the web servers can be detected and blocked.

On the other hand, F5 LTM is one of the main modules everyone knows. This module allows us to balance the load across lots of servers. It has many health monitors ready to use such as HTTP, LDAP, MQTT, etc. It has lots of load balancing methods such as round robin, least connections, ratio, etc. It has many persistence profiles such as source address, cookie, hash, etc. It has all you need to balance applications.

F5 Advanced WAF (AWAF) is a combination of BIG-IP ASM, L7 DDoS protection, and a selection of core BIG-IP LTM features. Therefore, F5 AWAF is much more than F5 ASM because we’ll have more L7 DDoS protection and lots of features of the LTM module. It also has more load balancing methods than ASM, and it includes persistence profiles, which are not included in ASM. In addition, the number of pool members is not limited, whereas ASM is limited to 3. If you want more information, you should read KB14231234: Comparing F5 Advanced WAF and BIG-IP ASM profiles and features.

To sum up, if you are looking for a Web Application Firewall with advanced features such as L7 DDoS protection and load balancing methods, AWAF is the best solution. However, if you also need to balance applications other than web applications, such as mail, LDAP or database applications, you will also need the LTM module. What’s more, if you need VPN or DNS features, you will also need to deploy the DNS and APM modules.

Have a nice day! Do you already know which F5 module fits your needs?