Forum Discussion
F5 ASM Rapid Deployment Learning
Hello Experts
After trying automatic learning many times and having a bad experience, I am planning to use Rapid Deployment (manual policy building). Kindly help me understand the below:
1- In rapid deployment mode, will we not be able to learn URLs, parameters and file types through violations? Or will wildcard tightening for URLs, parameters and file types learn the URLs, parameters and file types, and finally we can remove the wildcard? Am I right in understanding?
2- How to expedite the learning speed in manual mode? Meaning, how many times do users have to browse the application for proper learning?
17 Replies
- nathe
Cirrocumulus
ghost-rider,
In essence the Rapid Deployment Template is just a negative security policy with Dataguard and http/cookie RFC protections really.
URL, parameter and file types are not learned/tightened and they just use the wildcard. Of course you can change this but, by default, this is the setting.
For learning speed, unlike Automatic Policy Builder it will Learn everything it sees, if in Policy Blocking Settings the violation is set to Learn e.g. Attack Signatures (but not illegal file type, for example, as the wildcard is in use). You'll see learned suggestions in the Manual Traffic Learning section.
Might I recommend Manual policy building without using a template. This way you can set how you want file types/urls and parameters to be tightened etc... and get a fuller picture of your web app/app security by testing the application.
Hope this helps,
N
- ghost-rider_124
Nimbostratus
I am sorry for my ignorance. I think I missed the basic point here. What I want to know is: to populate the allowed URLs, parameters and file types, will wildcard tightening do the magic, OR will enabling learn on the violation (illegal URL, file type etc.) give the learning suggestion, and accepting and enforcing it will populate the allowed URLs, parameters and file types?
- nathe
Cirrocumulus
Yes, wildcard tightening will populate individual parameters etc., but you'll need learning on the violation to get the violation in the manual learning. Without learn on the violation it will still suggest the parameter but you'll only see this in the event log.
- ghost-rider_124
Nimbostratus
Thanks a lot! Just one last thing: normally the application guys ask how many times, or how many users for how many days, need to browse the application so F5 can learn the proper URLs, parameters, file types etc. What is your recommendation, as per your experience, for both manual policy and automatic policy? Appreciate your input.
- nathe
Cirrocumulus
There's a question. Ask the application guys how big their application is. Seriously though, for both, if you've got good regression testing and you're a trusted IP (for auto) then that'll help. Difficult for me to say really. With manual I judge it on the false positives disappearing.