For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sushant's avatar
Sushant
Icon for Altostratus rankAltostratus
Sep 09, 2021

AWAF with customized virtual port

BIG IP F5 is not learning anything once I start to use customized port. This is mainly for API traffic where source come through site to site vpn querying the api having customized port. My API virtu...
ASM Advanced WAF
security
TMOS
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Sep 13, 2021

Hi ,

 

as mentioned above, a HTTP profile is required. You could check how the learning settings are configured in your policy. What entities are learned (URL, file type, cookies, parameters) and also check the setting for Policy Building Learning Mode.

Next take a look at K15530590, it will explain to you which type of Security Policy templates exist and what entities are learned by default and at which level of granularity the AdvWAF will learn them.

Additionally read the manual about learning: BIG-IP Application Security Manager: Implementations Refining Security Policies with Learning.

For me it is a good comparison to have "Log all requests" enabled while troubleshooting. You can compare the requests log vs. the new learning suggestions.

 

Hope this helps.

 

KR

Daniel