Does an "automatic policy" start blocking right away?

Question

I created an automatic policy for a prod server and after going through all of the recommended settings and applying it, I noticed that it said it was in blocking mode (which I don't want until it is done with the 2 week learning). Does this mean that requests can be blocked right from the start if I don't manually turn it to transparent mode? Thanks.

stephan_mierau · Answer

yes the automatic policy is in blocking mode from the beginning. But all the parts of your policy should be in staging, which means the policy does not block anything. Also you must enforce a policy entry that the policy blocks anything.

gsharri · Answer

If a security policy is in blocking mode there is the possibility that ASM may block some traffic right from the start. While attack signatures and allowed entities (file types, urls, etc) need to be enforced (staging disabled) before ASM will block related traffic there are other elements in a security policy which have no staging capability. Examples: RFC Compliance violations, allowed HTTP methods, allowed response codes. If these violations are set to Block on the Blocking Settings list and the Enforcement Mode=Blocking then ASM will block traffic that triggers these violations.

Forum Discussion

Does an "automatic policy" start blocking right away?

Recent Discussions

NAT for specific IPs

VIP needed for many UDP ports

remove ssh after gtm_add/bigip_add/big3d_add ?

What will be happen to live and existing connections when failover HA BIG IP active-standby

Creating Policy using Terraform

Related Content

How I did it - "Application authentication with Verizon ID and F5 Access Policy Manager"

Icontrol REST upload and apply policy- section "http-protocols" ignored?

Block IP after a number of ASM Blocks

Block traffic

Response and blocking page

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS