Forum Discussion

AmineZAKARIA
Feb 03, 2025

F5 AWAF Policy learning phase opinion

Hello,

 

Hope you are doing well!

 

I am new to F5 AWAF and am wondering what the recommended way is to protect an app published on the internet. AFAIK, in the learning phase with transparent mode, or in blocking mode with staging enabled, the attack won't be blocked.

 

Since testing the app locally is not always an option, is it optimal to set the policy into blocking mode/Enforce/disable learn only for the high attack signatures, while at the same time I put other entities into staging (cookies, URLs, parameters, ...) with automatic policy building for learning? What do you think? At least I will be sure the high attack won't pass to the app.

 

Thanks.

Regards!

Amine

 

  • I suggest taking the F5 AWAF training (F5 Training Programs and Online Classes | F5), as configuring F5 AWAF requires knowing the web app (how complex the web app is, how often it is changed, etc.), the organization you work for (banks and fintech usually want no automatic policy as security there is first, or whether there is a TEST/UAT/preprod environment or not), the network (the web app and network are something the community does not know but you know) and then F5 and AWAF, so as to implement the correct configuration.

     

    Maybe you can implement an AWAF policy if you have a strong IT background by going through the operations guides and labbing it out.

    F5 operations guides | About operations guides

     

    Also, maybe involving F5 PS (Professional Services) or an experienced external F5 consultant for initial deployments, then taking it over from there, will be beneficial.

     

    The F5 community can assist with more specific questions, but general knowledge of the F5 products is needed to successfully utilize them, even to know what question you need an answer for from the community.