For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DenverRB_326662's avatar
DenverRB_326662
Icon for Nimbostratus rankNimbostratus
Aug 23, 2018

Multi Partition ASM Question

Question regarding ASM - Version 11.6.3 - If I'm running Multiple Partitions on the F5. Will the attack signatures only update the partition that I requesting them to be updated on. If coming into ...
ASM Advanced WAF
devops
LTM
security
I_R_101_110's avatar
I_R_101_110
Icon for Cirrus rankCirrus
Aug 24, 2018

Partitions are a concept of segregating virtual servers and other objects but it does not segregate many items such as the attack signature database.

 

Being that you are on 11.6, the following is true:

 

https://support.f5.com/csp/article/K8217

 

When signatures are updated in BIG-IP ASM 11.0.0 and later, new signatures are placed in staging (non-blocking) where as updated and unchanged signatures remain in the configured mode (blocking).

 

So to reiterate, your only danger is attributed to the updated signatures causing false positives. You don't have to worry about the brand new signatures as they'll be put into staging.

 

Ensure that learning suggestions aren't disabled (auto or manual will work) and be ready to resolve those false positives.