Applies To:

Show Versions Show Versions

Manual Chapter: Additional Attack Prevention using BIG-IP PSM and BIG-IP ASM
Manual Chapter
Table of Contents   |   << Previous Chapter


You can configure additional features to prevent attacks, using the BIG-IP Protocol Security Module (PSM) and BIG-IP Application Security Manager (ASM) modules.

What is BIG-IP Protocol Security Module?

One of the modules that you can configure to enhance the BIG-IP system's firewall capability is the BIG-IP Protocol Security Module (PSM). PSM offers these benefits:

  • Provides advanced protocol security and ensures compliance for common internet protocols.
  • Protects your web servers, FTP and SMTP servers, masks sensitive data, and blocks spam.
  • Performs security checks and validation for the HTTP, HTTPS, FTP, and SMTP protocols.
  • Automatically creates HTTP, FTP, and SMTP profiles within PSM when you enable the Protocol Security setting on LTM HTTP, FTP, and SMTP profiles. This ensures that when you create LTM profiles for those traffic types, you take advantage of PSM security benefits.

Applying protocol security to an LTM profile

Before performing this procedure, verify that you have installed and provisioned BIG-IP® Protocol Security Module™ (PSM) on the BIG-IP system.
Use this procedure to apply protocol security to an existing BIG-IP® Local Traffic Manager™ LTM® profile.
Note: This procedure shows how to enable protocol security on an HTTP profile. You can do this for FTP and SMTP profiles as well.
  1. On the Main tab, click Local Traffic > Profiles > Services > HTTP. The HTTP profile list screen opens.
  2. In the Name column, click the name of the profile you want to modify. The properties screen for the selected profile opens.
  3. Select the Custom check box for the Settings area. The settings become available for editing.
  4. Scroll down to the Protocol Security setting, and select the check box.
  5. Click Update.
A corresponding profile appears in PSM.
After creating these profiles, you must assign them to a virtual server.

Advanced Layer 7 protection using BIG-IP Application Security Manager

If you have BIG-IP Application Security Manager (ASM) licensed and provisioned on the system, you can configure ASM to protect against typical Denial of Service (DoS) attacks and Brute Force attacks.

For more information, see the white paper titled Intelligent Layer 7 DoS and Brute Force Protection for Web Applications on the F5 Networks web site

Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Additional Comments (optional)