Forum Discussion
Erik_Novak
Jun 01, 2018Employee
So if you disable Application Security on the VS, traffic passes? And when you enable Application Security on the VS, traffic does not pass, but you get no indication that ASM is blocking requests. If the request to the application contains XML in the payload, you will need an XML profile associated with the security policy--not the virtual server. Additionally, you will need to check the learn, alarm, and block settings for XML-related violations, and probably RFC-compliance violations as well. Can you de-select the "Block" checkbox for each violation and then test traffic? Are you sure the application encoding language for your policy is correct?