Forum Discussion
Haitham_Hadad_3
Nimbostratus
NimbostratusPolicy in transparent/blocking with Attack signature enabled/disabled
Hi,
Kindly what is the difference between these scenarios
If I have my policy in Transparent mode and the attack signature isn't enabled and also if enabled ?
And if I have policy in Blocking mode and the attack signature is enabled
Thanks Haitham
mr_shaggy_17493Hi Haitham,
- If you put the enforcement mode into Transparent, then ASM will inspect all traffic flowing through BIG-IP without blocking any illegal traffic, but it will give a flag for the illegal traffic on the event log (as long as you enabled the alarm and logging setting). No matter whether you enabled or put the attack signature into staging, illegal traffic won't be block on transparent mode.
-
If you put the enforcement mode into Blocking:
- if the attack signature was put into staging, then ASM will not block any violations which is match to the attack signature, but still giving a flag for the illegal traffic on the event log. The positive security component (Illegal URL, Illegal Parameter, etc.) will still working regardless of the attack signature configuration which is on staging.
- if the attack signature is not on staging/enabled, then ASM will block any traffic which is match to the attack signature.
Regards,
Ahmad
Haitham_Hadad_3Thanks Ahmed So in blocking mode, ASM will block all [ as illegal url, parameters ... ] except matched attack signatures till we disable staging mode for these signatures
Right ?
Thanks Haitham
mr_shaggyYupp..your'e right :)