Forum Discussion

Jose_Comendador's avatar
Icon for Nimbostratus rankNimbostratus
Jul 06, 2012

Progress of a security policy learning

Hello everybody.



This is my first post in this forum. I have always read its content but I have never write on it, so sorry for my english.



I have worked with the ASM for a short time and I don't know how can I do the followings actions:



1.- I have created a security policy with the rapid deployment for a entire virtual server (with aplications and services). This policy is learning with real traffic on the internet. My doubt is about the progress of this learning.


A example: The log policy shows the message: "Policy Builder determined that security policy "policyxxxxx" is stable" and, after a short period of time, the log shows "Policy Builder determined that security policy "policyxxxxx" is unstable". I would like to know the reason why this is happening. I don´t know when finish the process.



2.- I need ASM analizes the real trafic in order to check if requests include a particular cookie in this case, the security policy allows the access to our web services, but on the contrary the sistem doesn´t allow IT.



Can you help me?



Thank you.





4 Replies

  • not a guru, but i will do my best to help -



    1. there are various tabs for logs. are you looking at the ASM logs or another log?


    if your looking at the ASM log, what are the recurring violations?



    2. got to ASM > Headers > Cookies > Cookies


    is everything in that section configured correctly? and do you have the explicit and enforced cookies defined?
  • Ido_Breger_3805's avatar
    Historic F5 Account
    Hi Jose,


    wanted to help you - I have a few questions:


    1. Which version do you use?


    2. Are you running the policy builder with real live internet traffic (it should be run with live traffic)


    3. Do you know if the protected web application is changing (could it be that someone updated the code of the application?)?


    4. If I understand you, you would like to allow access to a specific web application based on the presence of a cookie name? what about the cookie value? is it enough to look at the cookie name?
  • Hi Ido, thanks for your interest.



    I´m going to answer you in order:



    1.- Version 10.2.1


    2.- Yes.


    3.- No, but I don´t think so.


    4.- Yes, I would like to allow access to a specific Web Application based on the presence of a cookie name. But I don´t understand you in the second question. I think is enough with the cookie name.



    Thank you very much.



    Have a nice day.



  • Thanks Imij. I only check the Automatic policy building log (ASM)



    Yeah, you are Ok with the point 2.



    Have a nice day.