Forum Discussion
Not able to assign ASM Policy
Hi,
I have created a ASM policy without attaching to any VS. After the policy is configured I tried attaching to VS but it didn't reflect in list pane. Please help in knowing why I am not able to find it in list pane.
Thanks, Sekhar
- Prayosha_226555Nimbostratus
Hi, My Big IP is running on 11.5.3 version. I want to apply security policy to my vs. after creating policy I tried to go VS and under security-> Policies to assign a new policy. But I do not see any option for associating there
- AneshCirrostratus
i suggest you open a new thread/question the old thread is dated 2015
- gsharriAltostratus
Have you enabled the ASM specific synchronization setting? Security > Application Security > Synchronization
- SekharNimbostratus
HI G,
If i am not wrong i can add policy using manage button in here right?
Thanks, Sekhar!
- SekharNimbostratusHi Harris, Thanks for clearing me on this. I also have a question on sync between HA pair for ASM policies. After configuring the ASM policy and syncing the active device to group my stand alone device shows changes pending. I am not sure why this happens, but I am observing this kind of behavior only when a new ASM policy is configured. Is this a normal thing? Thanks, Sekhar
- gsharriAltostratusYou cannot assign ASM security policies here. That is for local traffic policies also known as layer 7 (l7) policies. Layer 7 policies are used by asm policies. It is how the virtual server determines what traffic should be sent to asm. The security tab shown in this screen shot is where you associate an asm policy with the virtual server. After you do that an auto layer 7 policy will appear on the resource tab. The system creates this l7 policy to send all traffic to the asm policy that was assigned to the virtual server. It is also possible to create a custom l7 policy to send different http requests to different asm security policies. In that case you would not assign the asm policy on the security tab but only assign the l7 policy on the resource tab. I hope this makes sense!
- natheCirrocumulus
Sekhar, afraid it isn't entirely clear from your description what your issue is. You may need to explain further. Also what version of bigip are you running?
In the first instance have you got a http profile on the virtual server?
Rgds,
N
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com