Enforcement readiness Period

Hi,

ok, let me clarify this...

When objects or attack signatures are in staging, the system does not enforce them. Instead, the system creates learning suggestions for each violation. The enforcement readiness period defines how long these objects will be observed and not enforced.

If the policy is in transparent mode (this mode does not change if the enforcement readiness period has ended...) then the policy will not block any request/violation. If the "learn" action is active, the system creates learning suggestions for each violation. If there are some objects in staging, the system creates learning suggestions based on this too (if there related violatons).

If the policy is in blocking mode (again, this mode does not change if the enforcement readiness period has ended...), all violations will be blocked (if the "block" action is active per violation), except for objects which are in staging (see above). The system creates learning suggestions for all violations (if the "learn" action is active) and objects which are in staging.

Staging gives you the possibility to tune objects without blocking the requests. Even if the policy enforcement mode is block.

When the enforcement readiness period is over and no learning suggestions are added, all objects which are in staging will marked as "ready to be enforced" (file type, URL, parameter, signature, ...). There is a enforcement readiness summary page, where you can enforce selected or all objects.

Cheers Stephan