For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

happynfocus_245's avatar
happynfocus_245
Icon for Nimbostratus rankNimbostratus
Jan 21, 2016

Best practice on ASM policy deployment advices (automatic, manual)?

I have the in-house web applications that need to protect with ASM. I am testing out the policy deployment using automatic and manual (rapid deployment).   My focus is on the web attacks. For both...
ASM Advanced WAF
security
waf
Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
Jan 27, 2016

The automatic policy builder runs in the background and develops your policy based on the traffic it sees. So, for instance, if it sees a large number of requests for .jpgs it's likely to conclude that jpgs are okay files and add a rule to the whitelist allowing that. Manual deployment may start from the same place but after you deploy it's done. Any changes you need to make must be made manually.

 

If you have a lot of generally clean traffic, or are willing to go back and fix it's mistakes, Automatic Policy Builder is fine. If your traffic is less trustworthy or you want to have total control over what you are doing with your ASM, Manual is the better way to go.

 

In either case you should be in regular communication with the admin in charge of the web application to ensure that your policy matches the needs of the application, and you should ensure that you are regularly reviewing the policy changes, learning suggestions, and proxy logs.