Progress of a security policy learning

Question

Hello everybody.&nbsp;
&nbsp;This is my first post in this forum. I have always read its content but I have never write on it, so sorry for my english.&nbsp;
&nbsp;I have worked with the ASM for a short time and I don't know how can I do the followings actions:&nbsp;
&nbsp;1.- I have created a security policy with the rapid deployment for a entire virtual server (with aplications and services). This policy is learning with real traffic on the internet. My doubt is about the progress of this learning. 
&nbsp;A example:  The log policy shows the message:  "Policy Builder determined that security policy "policyxxxxx" is stable" and, after a short period of time, the log shows "Policy Builder determined that security policy "policyxxxxx" is unstable". I would like to know the reason why this is happening. I don´t know when finish the process.&nbsp;
&nbsp;2.- I need ASM analizes the real trafic in order to check if requests include a particular cookie in this case, the security policy allows the access to our web services, but on the contrary the sistem doesn´t allow IT.&nbsp;
&nbsp;Can you help me?&nbsp;
&nbsp;Thank you.&nbsp;
&nbsp;Regards.&nbsp;

imij_38396 · Answer

not a guru, but i will do my best to help -  
&nbsp;  
&nbsp; 1.  there are various tabs for logs.  are you looking at the ASM logs or another log? 
&nbsp; if your looking at the ASM log, what are the recurring violations? 
&nbsp;  
&nbsp; 2. got to ASM &gt; Headers &gt; Cookies &gt; Cookies  
&nbsp; is everything in that section configured correctly? and do you have the explicit and enforced cookies defined?

ido_breger_3805 · Answer

Hi Jose, 
&nbsp; wanted to help you  - I have a few questions: 
&nbsp; 1. Which version do you use? 
&nbsp; 2. Are you running the policy builder with real live internet traffic (it should be run with live traffic) 
&nbsp; 3. Do you know if the protected web application is changing (could it be that someone updated the code of the application?)? 
&nbsp; 4. If I understand you, you would like to allow access to a specific web application based on the presence of a cookie name? what about the cookie value? is it enough to look at the cookie name?

jose_comendador · Answer

Hi Ido, thanks for your interest.&nbsp;
&nbsp;I´m going to answer you in order:&nbsp;
&nbsp;1.- Version 10.2.1
&nbsp;2.- Yes.
&nbsp;3.- No, but I don´t think so.
&nbsp;4.- Yes, I would like to allow access to a specific Web Application based on the presence of a cookie name. But I don´t understand you in the second question. I think is enough with the cookie name.
&nbsp; 
&nbsp;Thank you very much.&nbsp;
&nbsp;Have a nice day.&nbsp;&nbsp;

jose_comendador · Answer

Thanks Imij. I only check the Automatic policy building log (ASM) 
&nbsp;  
&nbsp; Yeah, you are Ok with the point 2. 
&nbsp;  
&nbsp; Have a nice day.

Forum Discussion

Progress of a security policy learning

4 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

SSH forward proxy

Replacing i2800 pair with new F5-BIG-AFM-r2800

F5 CIS -> NGINX Plus Ingress Controller Integration

Can I use F5 Big-IP WAF as HoneyPot

Entra ID F5 APM MDM Intune integration compliance check

Related Content

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

Community Learning Path: Multi-Cloud Networking

Powering Progressive Deployment in Kubernetes with NGINX and Argo Rollouts

AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more

Securing Model Serving in Red Hat OpenShift AI (on ROSA) with F5 Distributed Cloud API Security

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS