question

James K. avatar image
James K. asked ·

Any UEM issues or conflicts with F5 BIG-IP Application Security Manager (ASM)?

F5 load balancers are used here and they plan on enabling it's web application firewall (WAF) called ASM (Application Security Manager): https://f5.com/products/big-ip/application-security-manager-asm - not that we're expecting issues but we would like to know if anyone has run into any conflicts or issues with the uem monitor signals getting sent back to the web server agents. Thanks!

6.5uemsecurity
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

1 Answer

Werner S. avatar image
Werner S. answered ·

I'm currently running into issues with UEM & F5 ASM...

It blocks DynaTraceMonitor POSTs:

  • Attack signature detected: "date" execution attempt in: Y_USERNAME,UserName,,username;KEY_PASSWORD,Password,,password;#/date-de-déménagement",0x20"mtime":1493211830000,0x20"ref":"https://b

Since we're using a single page app and display a 'Service Not Available' page when receiving specific http return codes (in our case we receive a 403 forbidden for DynaTraceMonitor), and this renders the application completely unusable (many users were impacted).

We're currently looking at creating an exception rule on the BIG-IP...

2 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Check if you are reporting the even to proper DynatraceMonitor. Check if CORS checkbox is causing issue. Check if all traffic is going over https. Check if cookie needs to be secure or not.

0 Likes 0 · ·

We just deployed ASM as well and I am seeing multiple different items being blocked. Did you end up writing the rule and did it work?

0 Likes 0 · ·