Bug ID 498361: Manage ASM security policies from BIG-IQ

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM, BIG-IQ(all modules)

Known Affected Versions:
11.6.2 HF1

Fixed In:
11.5.2 HF1

Opened: Dec 24, 2014

Severity: 2-Critical


Certain aspects of ASM Security Policies on BIG-IP 11.5.2 cannot be managed by BIG-IQ Security.


BIG-IQ Security cannot effectively manage ASM on BIG-IP 11.5.2.


Using BIG-IQ Security to manage ASM on BIG-IP 11.5.2.



Fix Information

New ASM security policies can now be created by BIG-IQ version 4.5. Currently, discovery of 11.5.2 HF1 by a 4.5 BIG-IQ is disabled by default on the BIG-IP system, and can be turned on by changing the rest_api_extensions option to '1' on the Advanced Configuration/System Variables screen in the ASM user interface (navigate to Security: Options: Application Security: Advanced Configuration: System Variables) on the BIG-IP system. After saving the change, the user is instructed to do a 'tmsh restart sys service asm'. Additionally, the user should restart the httpd service via: 'bigstart restart httpd'.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips