Forum Discussion
Enabling ASM
This is a pretty dumb question, but it is killing me. Whne bringing up a new box the ASM is not enabled even though it is licensed. I know that it is a console command to enable it, because i have been through this once or twice before. Can anyone tell me what this command is? I have searched ask.f5.com with zero luck.
- In the management GUI under System->Licence you will see the currently licensed options but the product modules are not actually enabled by default. To enable them click on the "Modules" tab across the top. This will show you the product moduels available with drop-down menus to Enable/Disable each one.
Hope this helps. - Thanks for the quick responce guys. I knew it was an easy one, just couldn't find it.
jokraglyNimbostratus
upon enabling the module, no policies are automatically enabled are there? You must create your policy, class etc and assign to your application in order for it to ever start to read the traffic. At this point we can leave it at Transparent so the traffic is not interrupted but is being logged.
We are running BIG-IP 10.2.2.763.3
natheCirrocumulus
Jokragly,
AFAIK simply enabling the module will not enforce policies / signatures etc. You need to create your HTTP Class profiles - F5 call these the "link" between local traffic components and application security ones. These classes will then reference a web application / security policy. And yes, transparent mode will not block traffic.
N- jokraglyThanks for the clarification. Trying to enable ASM module in an existing productjion enviroment and need to take all risk out of the equation. Looking forward to working with this feature, from all me readings and video watching it looks pretty straight forward for initial setup and logging.
Thanks again.
Jeff
