Forum Discussion

SSHSSH_97332's avatar
SSHSSH_97332
Icon for Nimbostratus rankNimbostratus
Mar 10, 2012

ASM Policy Building

Q1-When Creating Applications , if i choose Deployment Scenario as "Manual" , does this mean that i used Mnaual security policy ?

 

 

 

Q2-When Creating Applications , if i choose Deployment Scenario as "Production" , does this mean that i used Automatic Policy Builder ?

 

 

Q3-after finishing the wizard with using deployment scenario as "Production" , the Automatic Policy Builder option wasnot enabled under

 

Application security > auto policy building > Configuration but in the same time the GUI showed a message " ASM is detecting traffic" , How come that Auto Policy builder is initiated when using "Production" while Check Box for Auto Builder is not enabled ?

 

 

Q4- When using Automatic Policy building , i believe that POlicy Builder will enforce Signatures , URLs ..... after certain period of time , How to know &Control this time ?
app sec
BIG-IP Access Policy Manager (APM)
security

4 Replies

Sort By
  • Imij_38396's avatar
    Imij_38396
    Icon for Nimbostratus rankNimbostratus
    Jun 22, 2012
    hey SSHSSH,

     

     

    Sorry - i'm not logged into the box at the moment, but there is a place under the ASM policies section that allows you to set the staging time of a policy. One thing i've grown to making into habbit is always making policies in transparent mode - always - this at least gives me a default window of time before the policy actually goes into production. I think that amount of time is seven days. the item you want to look for though is staging time. i believe if you pull down the asm config pdf file and search on times or staging you'll find it - but, that's what it's called: staging time.

     

     

    hope this helps.

     

     

  • Imij_38396's avatar
    Imij_38396
    Icon for Nimbostratus rankNimbostratus
    Jun 22, 2012
    also - after creating policies transparent mode will pick up any security item set to alarm. for example: using a simple default policy has certain attack signatures checked as "alarm". depending on where you have the appliance sitting on your network it will begin to alarm/log items that fail a signature check.