Mar 10, 2012

ASM Policy Building

Q1- When creating applications, if I choose the Deployment Scenario "Manual", does this mean that I used a manual security policy?




Q2- When creating applications, if I choose the Deployment Scenario "Production", does this mean that I used the Automatic Policy Builder?



Q3- After finishing the wizard using the deployment scenario "Production", the Automatic Policy Builder option was not enabled under Application Security > Auto Policy Building > Configuration, but at the same time the GUI showed the message "ASM is detecting traffic". How come the Auto Policy Builder is initiated when using "Production" while the check box for Auto Builder is not enabled?



Q4- When using Automatic Policy Building, I believe that Policy Builder will enforce signatures, URLs, ... after a certain period of time. How can I know and control this time?

  • Hey SSHSSH,



    Sorry - I'm not logged into the box at the moment, but there is a place under the ASM policies section that allows you to set the staging time of a policy. One thing I've grown into the habit of is always making policies in transparent mode - always - this at least gives me a default window of time before the policy actually goes into production. I think that amount of time is seven days. The item you want to look for, though, is staging time. I believe if you pull down the ASM config PDF file and search on times or staging you'll find it - but that's what it's called: staging time.



    Hope this helps.



  • Also - after creating policies, transparent mode will pick up any security item set to alarm. For example: a simple default policy has certain attack signatures checked as "alarm". Depending on where you have the appliance sitting on your network, it will begin to alarm/log items that fail a signature check.