Forum Discussion
ASM learning in transparent questions
- Jun 24, 2014
- What controls learning is the learn flag on the blocking settings page.
- What controls violations is the alarm settings on the blocking settings page.
- What controls blocking is the blocking setting on the blocking settings page.
Given the above, when there is no policy object that permits the access;
- Learning suggestions are reported in manual traffic learning page when the learn setting is set for that violation.
- Violations are reported in logs when the alarm setting is set for that violation.
- Violations are reported when the blocking setting is set for that violation and the policy is in transparent mode.
- Blocking is reported when the blocking setting is set for that violation and the policy is in blocking mode.
Staged entities are policy objects that are not enforceable until they are taken out of staging. Policy objects not in staging are enforceable. For signatures this means they will block malicious behaviour. For policy objects that means they will permit the access specified by the object.
- For point 2, Its must to enable staging as well ...
No. Staging has nothing to so with triggering learning suggestions.
- For point 4, As I know from F5 training
Since I deliver F5 training - It is good to build policy manually to learn the product and understand its capabilities but for large policies it is cumbersome and unwieldy. It is common practice to use automatic policy building to create policy. You use trusted sources to generate the traffic such as the development team testing the application. You can use untrusted sources to add new policy objects with volume usage. I tend to use the first.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com