Automatic versus Manual policy building

Hi, the below link will differentiate between multiple deployment scenarios

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-4-0/2.html

We normally plan for an automatic policy and once ASM learned sufficient traffic ( around 2 weeks) you will have to adjust and tune the parameters. Its like a mid approach of positive and negative security model. Just with Automatic only policy deployment will not get the intended results. Also I go for phased deployment with UAT policy -->staging -->production. I do the changes only in the UAT policy, once comfortable and agreed by application owner you can clone the policy to staging and once the testing done move over to production. I will never touch the production policy.

Transparent mode: blocking is disabled for the security policy, and you cannot set the violations to block on the Blocking screen. Traffic is not blocked even if a violation is triggered.

Blocking mode: blocking is enabled for the security policy, and can enable or disable the block flag for individual violations. Traffic is blocked when a violation occurs, and the system is configured to block that type of violation

Enforcement is always manual and it is up to you to decide and implement the enforcement as per agreement with stakeholders

Staging is the period in which the properties for each entity in the policy are not enforced. This means that when any entity is in staging, ASM does not block requests for it, even if the request contains violations, regardless of the global security policy settings. The elements subject to staging are - URLs, File Types, Parameters, Cookies, Attack Signatures, Redirection domains.

hope this helps,

cheers