Delete Inactive Entity

Question

What does this mean in ASM Policy Learning? &nbsp;
Action: Delete Cookie
Matched Cookie: BIGipServerdgm_sol_pool_1&nbsp;
Is there any impact of Accepting the suggestion? I can't find anywhere about this "Delete Inactive Entity"&nbsp;

mf5 · Answer

Starting with BIG-IP ASM 13.1, you can reduce security policy inflation and simplify policy maintenance by deleting inactive entities. Policy Builder detects entities that your policy has not observed in traffic for more than 90 days and displays them as learning suggestions on the following page:&nbsp;
Security &gt; Application Security &gt; Policy Building &gt; Traffic Learning. &nbsp;
You can then accept or delete the Delete inactive entity suggestion.&nbsp;
You can also change the number of days Policy Builder uses to determine an entity is inactive from the default setting of 90 days on the following page:&nbsp;
Security &gt; Application Security &gt; Policy Building &gt; Learning and Blocking settings &gt; Policy Building Process (advanced settings) &gt; Options.
Policy Builder only monitors allowed entities for inactivity. &nbsp;
Further, if you retain the default, pure wildcard (*), the system does not monitor allowed entities that Policy Builder adds using the wildcard.&nbsp;
The system generates learning suggestions to delete the following types of allowed, inactive entities:&nbsp;
File typeHTTP URLWebSocket URLParameterCookieRedirection domainHostnames
reference: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/f5-asm-operations-guide.html&nbsp;

Forum Discussion

Delete Inactive Entity

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Deleting an AS3 Tenant

Delete VS

Delete Management Default Route?

This DevCentral Content has been Archived or Deleted

APM session inactivity timeoute VS. TCP idle timout

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS