Forum Discussion
F5 ASM deployment for production traffic in transparent mode.
Hi, first of all, do you think 7-day enforcement is enough for traffic learning? We usually go for at least 14 days to a month. You need a sufficient amount of traffic to get ASM to learn the traffic behavior. Once we have enough traffic and violation events, perform the violation analysis one by one. You need to work with the Apps team and challenge them about these violations; in many cases you need to remediate the false positives, and in some other cases you need to challenge them. I think you should also decide on the positive and negative security models you are planning to go ahead with. We usually follow this flow of violations:

1) RFC compliance
2) Length Limits
3) Valid File Types
4) Valid URLs
5) Valid Parameters
6) Parameter Compliance
7) Valid meta characters
8) HTTP Method / Headers
9) Attack Signatures / Virus

Hope this helps.
Thanks for the reply.
What are the negative security violations in the traffic learning?
Can I accept the suggestions the policy builder listed above? Can I consider the suggestions to be valid ones to accept in the policy, so that they will not be triggered as events any further?
