mwitt_65218
May 12, 2009

Any suggestions for beginner?

Gregarious greetings,

I am a junior programmer. My employer has purchased BIG-IP 9.4.5 Build 1086.1 Hotfix HF2.

Others here have installed the F5 ASM. Already there are the pools and server names and IP addresses and such.

I am responsible for doing only the Application Security part of it.

I have read the 416-page ASM Configuration Guide Big IP Application Security Management manual several times.

I am a bit confused though. I do not understand how and where in F5 ASM I bring up a web page of one of our apps to hook up a text box to the F5 ASM's web application security. Maybe I am not understanding the manual well enough. I have been given Policy Admin rights and not Admin rights as I was told here at work that I only need to be a Policy Admin and not an Admin.

Does anybody know of any other documentation or manual that is a bit more simplified and easier to follow? Does anybody have any suggestions by chance? I am beginning to try to use one of our web apps in F5 ASM and learn how to do everything necessary in the Application Security part of F5 ASM. I just am having problems getting started and understanding the basic things that I need to do and the order in which to do 'em.

Anyway, if anybody has any suggestions or knows of another more simplified manual for the Application Security part of it, please let me know. I also have read the BIG-IP_Application_Security_ManagerImplementations.pdf file that is 104 pages in length and it seems to be basically the same as part of the 416-page ASM Configuration Guide Big IP Application Security Management manual.

I thank you in advance.
  • Benjamin_9036
    Historic F5 Account
    Salutations in return!

    I'm afraid your question is a little bit vague, so I'm not certain I have a good answer for it. The ASM policy can be viewed as a largely hierarchical structure. From the proverbial bottom up, Parameters belong to URLs/Objects, and URLs/Objects belong to Object/File Types. You can, of course, create global parameters also, but it sounds like you probably need to define more of your application.

    Do you have any traffic moving through your policy? Monitoring learning suggestions after browsing an application with the ASM in Transparent mode is a good way to get a feel for the elements of the policy.

    It sounds like you've done quite a bit of reading up on the subject, too! I would consider revisiting some of the configuration guide. They may focus more on using automatic policy creation and the policy builder, but can reinforce some of the basic principles once you see them in action.

    Let us know how it goes! =]
  • Howdy Ben,

    Thanks very much for your reply. Late last Friday afternoon, Justin from F5 Tech Support called me as I had opened a Case Number/Ticket.

    Justin kindly helped me. I found out that our Admin needs to go to Virtual Servers in the Local Traffic section, click the server for the 443 port, click Resources tab, go to HTTP Class Profiles, click Manage, and then bring in the Application Security class with the Left Arrow. I only have been given Policy Editor Admin rights. The port 80 was fine already.

    I also learned that I do not need to create an Object for a web page's control. I create a user-input parameter and name it exactly like the name of the user control. I can View Source in the Browser on a web page and find the name of the control. I have an Object for the web page.

    He explained that when adding the user-input parameter, I only need to bring to the left with the Left Arrow any Meta Character that I wish to allow. All Meta Characters are disallowed by default. I only bring in (bring to the left with the Left Arrow) any Attack Signature that I want to disallow. This area is only for overriding the global settings.

    If I want to disallow an Attack Sig, I bring it in by using the Left Arrow. If I want to allow a Meta Character, I bring it to the left with the Left Arrow.

    I should use Policy Building - Manual to look at the logs because I can click a log there and be launched into a policy building wizard, so to speak. In the Reports section, I can only click a log to Accept.

    I need to go to Policy - Blocking tab at top - Settings to check the checkboxes for everything to be sure that Learn and Alarm have check marks.

    The LEARN puts the log into Policy Builder. The ALARM puts the log into the Reports. The BLOCK truly blocks the users. So I must go there and check all of the Learn and Alarm checkboxes.

    Anyway, this week I'll try to do this stuff and I hope to start getting logs and be able to play around with it and learn more about using F5.

    I have not received any training and just have the 416-page User Manual. Maybe I can convince my employer to send me to pay for some training (either Online Remote training or one of those 4-day classes that I would attend in another city).

    Thanks again very much for your reply, Ben!

    mwitt
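
The step described in the last post (view a page's source, find each control's name, and create a user-input parameter with exactly that name under the page's Object) can be scripted as an inventory. This is an added example, not part of either poster's messages and not F5 tooling; the sample HTML, the control names and the `user-input`/`other` labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page (not from the thread).
SAMPLE_HTML = """
<form action="/account/login.aspx?ret=1" method="post">
  <input type="text" name="txtUserName">
  <input type="password" name="txtPassword">
  <input type="hidden" name="__VIEWSTATE" value="abc">
  <input type="submit" name="btnLogin" value="Log in">
</form>
<form action="/search.aspx">
  <textarea name="txtQuery"></textarea>
  <select name="ddlScope"><option>all</option></select>
</form>
"""

# Input types where the visitor types free text (assumed classification).
FREE_TEXT_TYPES = {"text", "password", "search", "email", "url", "tel", "number"}

class FormInventory(HTMLParser):
    """Groups control names by the URL path their form posts to."""
    def __init__(self):
        super().__init__()
        self.forms = {}    # path -> [(control name, kind)]
        self._path = None  # path of the form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Drop the query string: the policy Object is the page itself.
            self._path = urlsplit(a.get("action") or "").path or "(same page)"
            self.forms.setdefault(self._path, [])
        elif tag in ("input", "textarea", "select") and self._path and a.get("name"):
            itype = (a.get("type") or "text").lower()
            free = tag == "textarea" or (tag == "input" and itype in FREE_TEXT_TYPES)
            # Keep the name's exact case; the parameter must match it exactly.
            self.forms[self._path].append((a["name"], "user-input" if free else "other"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._path = None

def inventory(html):
    parser = FormInventory()
    parser.feed(html)
    return parser.forms

if __name__ == "__main__":
    for path, controls in inventory(SAMPLE_HTML).items():
        print(path, controls)
```

Controls marked `other` (hidden fields, buttons, drop-downs) still reach the server as parameters, so they need a decision in the policy too; the script only separates out the free-text ones.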