Forum Discussion
F5 ASM deployment for production traffic in transparent mode.
Hi, first of all, do you think 7-day enforcement is enough for traffic learning? We usually go for at least 14 days to a month. You need a sufficient amount of traffic to get ASM to learn the traffic behavior. Once we have enough traffic and violation events, perform the violation analysis one by one. You need to work with the Apps team and challenge them about these violations; in many cases you need to remediate the false positives, and in some other cases you need to challenge them. I think you should also decide on the positive and negative security models you are planning to go ahead with. We usually go with this flow of violations:
1) RFC compliance
2) Length Limits
3) Valid File Types
4) Valid URLs
5) Valid Parameters
6) Parameter Compliance
7) Valid meta characters
8) HTTP Method / Headers
9) Attack Signatures / Virus

Hope this helps.
Thanks Amine and Vijith
I read an article where it was stated that F5 recommends creating a baseline policy for the environment which includes basic security requirements that are embedded into the policy components. Such a policy can be considered a template which can be re-used. So, I was thinking I could make a standard policy and try replicating it in transparent mode with an enforcement period of 7 days for all the other VIPs.
Could you please let me know what the negative security violations are in the traffic learning? Should we allow them or enforce them?
