Forum Discussion

Phong_Tang_7213's avatar
Phong_Tang_7213
Icon for Altostratus rankAltostratus
Jul 20, 2015

F5 ASM File Type Learn Explicit Entities in Rapid Deployment

Hi gurus

 

I am configuring ASM Security Policy in Rapid Deployment. The default File Type in this mode is only one "*" with "Never (wildcard only)" in Learn Explicit Entities. I want this Policy to learn all of file type so I changed Learn Explicit Entities to "Add All Entities".

 

But it not learn other File Type. What can I do?

 

Regards,

 

6 Replies

  • are you sure you configured and applied the policy? where there actual new hits on the policy? have you check at manual traffic learning if there entries are there?

     

  • Hi

     

    Do you affected the ASM politic to a VS ? (with a policie on the ressource parameter of a VS)

     

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    The Rapid Deployment Policy is, in essence, a negative security policy with some positive security policy thrown in. You may have been better using a Manual policy type.

     

    Anyway, check your Policy Blocking Settings. In here you will see the full list of violations. You will probably find with RDP you won't have many selected. You will want to select "illegal file type" Learn/Alarm and (optionally) Block. This should populate the Manual Traffic learning as Boneyard mentions above. You'll see the "illegal file type" violation and they'll be listed here.

     

    Hope this helps.

     

    N

     

  • and to add a final piece i believe the extra file types won't be added automatically to the file types list you will have to do this via the manual traffic learning section.

     

    see also this from the help: "•When the Automated Policy Builder is not running, the system suggests that you add explicit entities that match the wildcard entity."

     

    if all this doesn't help you you might want to explain a bit better and provide some more configuration screenshots to show how the system is setup.