For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Anand_Prabhu's avatar
Anand_Prabhu
Icon for Nimbostratus rankNimbostratus
Nov 06, 2018

Delete Inactive Entity

What does this mean in ASM Policy Learning?   Action: Delete Cookie Matched Cookie: BIGipServerdgm_sol_pool_1   Is there any impact of Accepting the suggestion? I can't find anywhere about thi...
application delivery
ASM Advanced WAF
mf5's avatar
mf5
Icon for Nimbostratus rankNimbostratus
Nov 06, 2018

Starting with BIG-IP ASM 13.1, you can reduce security policy inflation and simplify policy maintenance by deleting inactive entities. Policy Builder detects entities that your policy has not observed in traffic for more than 90 days and displays them as learning suggestions on the following page:

 

Security > Application Security > Policy Building > Traffic Learning.

 

You can then accept or delete the Delete inactive entity suggestion.

 

You can also change the number of days Policy Builder uses to determine an entity is inactive from the default setting of 90 days on the following page:

 

Security > Application Security > Policy Building > Learning and Blocking settings > Policy Building Process (advanced settings) > Options. Policy Builder only monitors allowed entities for inactivity.

 

Further, if you retain the default, pure wildcard (*), the system does not monitor allowed entities that Policy Builder adds using the wildcard.

 

The system generates learning suggestions to delete the following types of allowed, inactive entities:

 

  • File type
  • HTTP URL
  • WebSocket URL
  • Parameter
  • Cookie
  • Redirection domain
  • Hostnames

reference: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/f5-asm-operations-guide.html