Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

draco_184361's avatar
draco_184361
Icon for Nimbostratus rankNimbostratus
Aug 14, 2017

Enforcement Readiness for F5 ASM

Under Each URL entity or certain entities , there is selection we can make depending on the whether it enforcement ready or not- choices available are -not enforced , have suggestion and ready to be...
ASM Advanced WAF
big-ip
security
Hannes_Rapp_162's avatar
Hannes_Rapp_162
Icon for Nacreous rankNacreous
Aug 14, 2017

"When does it become enforcement ready? After the enforcement period we have mentioned under policy building?"

 

Voila. It depends on enforcement readiness period as set in your policy settings. By default it is 7 days.

 

"And when does the entities state move from staging to having suggestions? Does it depend on the tighten policy setting under learning and blocking settings?"

 

Learning suggestions are raised only if you have enabled Learning Mode in policy settings. When enabled, and a request comes in which gets blocked, then a suggestion may be raised. This is basically self-intelligence of BigIP whereby it tries to guess what's best action for you to take. Personally I do not trust this feature. You can see a better description here if you Ctrl + F for encounters of "learning suggestion" and "learning mode": ASM Ops Guide

 

Hannes_Rapp_162's avatar
Hannes_Rapp_162
Icon for Nacreous rankNacreous
Aug 15, 2017

If you have ASM enabled:

Make sure the following signatures are Enabled and Enforced. In particular, 200000098 and 200001475 should be relevant for search input fields.

XSS script tag (Headers)    200000097
XSS script tag (Parameter)  200000098
XSS script tag (URI)    200000099
XSS script tag end (Headers)    200000091
XSS script tag end (Parameter) (2)  200001475
XSS script tag end (URI)    200000093