ASM Policy Building

Question

Q1-When Creating Applications , if i choose Deployment Scenario as "Manual" , does this mean that i used Mnaual security policy ? &nbsp;&nbsp;
&nbsp;Q2-When Creating Applications , if i choose Deployment Scenario as "Production" , does this mean that i used Automatic Policy Builder ? &nbsp;
&nbsp;Q3-after finishing the wizard with using deployment scenario as "Production" , the Automatic Policy Builder option wasnot enabled under 
&nbsp;Application security &gt; auto policy building &gt; Configuration but in the same time the GUI showed a message " ASM is detecting traffic" , How come that Auto Policy builder is initiated when using "Production" while Check Box for Auto Builder is not enabled ? &nbsp;
&nbsp;Q4- When using Automatic Policy building , i believe that POlicy Builder will enforce Signatures , URLs ..... after certain period of time , How to know &amp;Control this time ?

sshssh_97332 · Answer

Hi

sshssh_97332 · Answer

Hi  , i need answer for Q3  &amp; Q4

imij_38396 · Answer

hey SSHSSH,  
&nbsp;  
&nbsp; Sorry - i'm not logged into the box at the moment, but there is a place under the ASM policies section that allows you to set the staging time of a policy.  One thing i've grown to making into habbit is always making policies in transparent mode - always - this at least gives me a default window of time before the policy actually goes into production.  I think that amount of time is seven days.  the item you want to look for though is staging time.  i believe if you pull down the asm config pdf file and search on times or staging you'll find it - but, that's what it's called: staging time.  
&nbsp;  
&nbsp; hope this helps.  
&nbsp;  &nbsp;

imij_38396 · Answer

also - after creating policies transparent mode will pick up any security item set to alarm.  for example:  using a simple default policy has certain attack signatures checked as "alarm".  depending on where you have the appliance sitting on your network it will begin to alarm/log items that fail a signature check.

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

ASM Policy Building

4 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

ASM policy build

Post-Quantum Cryptography: Building Resilience Against Tomorrow’s Threats

AFM Policy Building

Building a lab using Proxmox

Lightboard Lessons: BIG-IP ASM Policy Building

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS