Forum Discussion
ASM Policy in "Blocking" Mode switch to "Transparent" for some IP's
I have a policy that I need to switch to blocking but the business want to have a phased approach. Only the testing team should be in Blocking, while the rest of the business (a different IP range) ...
Steph
Nimbostratus
NimbostratusHi Chris,
I had the idea of duplicating the policy, the discipline about syncing both policy is not an issue ;) The tools on the F5 (Policy Diff) will help a lot. The concerns are more related to the business who want "One and Same" policy for both.
You are correct, there will be the internal IP range which should be in blocking mode in the first place, and the rest of the world in transparent.
There will be 2 VS pointing to the same policy : * one internal * one for the others
Using exclusion list will make the story a bit complicated. An iRule to disable ASM would take not more than 3 lines of code... instead of a "disable ASM" I could use a command to set the policy to transparent... but I can't find anything about that.