ASM security policy configuration auto changed
Hi Guys,
We have BIG-IP ASM in our environment which is loaded with 111 security policies, Out of all 101 policies configuration got changed suddenly and each policy is having learning and blocking settings as Blocking >Automatic > Real-time> Medium > 7 days.
Our policy template got removed and set as Fundamental template to all security policies.
Due to system sudden change multiple application were impacted. Work around - policies were disabled for all impacted websites temporarily until get the root cause and permanent fix.
In audit log, I found one common element type "UCS configuration load" for the impacted policies (attached).
Kindly assist if I can restore the ASM configuration back to make all sites working with our custom template.
yes that would very much be my advise. it doesnt feel right, you want to know why, but at some point that becomes more unlikely and the best thing is to just move forward.