Changing the enforcement mode

Question

I'm working on F5 ASM for the first time. Until now we have analysed the attack signatures and are ready to change the enforcement mode from learning to blocking. I need to know once I change this mode will the attack signatures come out of the staging?

gsharri · Answer

No, it is not automatic. For ASM to enforce the signatures on traffic (block if a violation occurs) 3 settings must be configured properly: &nbsp;
Your security policies enforcement mode must be set to BlockingThe attack signatures must be set to Block on the Blocking Settings list (the learn/alarm/block checkboxes)  
Staging must be disabled on the signatures (also known as enforcing the signatures)

Forum Discussion

Changing the enforcement mode

Recent Discussions

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

Related Content

Explanation of F5 DDoS threshold modes

BoT Defense Profile, Signature Enforcement

Understanding F5's Transparent Mode vs Blocking Mode with a Focus on Geo-Blocking

F5 TCP Proxy mode

One-Arm Mode Migration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS