Forum Discussion
suthomas1
Cirrostratus
CirrostratusAsm policy blocking
Good day all, i have read that new ASM Policy is in learning mode for 7 days. After this period, is there manual action needed to put it in blocking mode after 7 days?
LB
Cirrus
CirrusAgain, just adding to what Erik stated.
You need an http profile (https://support.f5.com/csp/article/K40243113) to allow deep packet inspection, which is required for ASM processing (https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/34.html >> control + find "http profile"). Any http/80 virtual server should redirect to 443 (hopefully the site is configured for https), and the ASM policy can be applied to both virtual servers (but it shouldn't matter over https if there's a redirect irule/traffic policy).
