For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RasGhz_297176's avatar
RasGhz_297176
Icon for Nimbostratus rankNimbostratus
Oct 27, 2016

Realtime policy builder

Hi,   I'd like to know once we created the ASM policy and moved into bloking mode, should we disable realtime policy builder or leave it enable forever? If we disable that, is there a concern for ...
ASM Advanced WAF
security
RasGhz_297176's avatar
RasGhz_297176
Icon for Nimbostratus rankNimbostratus
Oct 31, 2016

Hi,

 

Thanks for the response.

 

So if we have the RPB disabled, what happens to newly added signatures. I know the new signatures will go to staging, but what if a new signature is having impact on application operation after the staging period is over? Is that signature going to be disabled automatically or there has to be some manual work?

 

Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
Nov 02, 2016

Signature updates are completely independent of RPB. You would need to manually work with them regardless of the RPB settings. RPB will help build your policy whitelist, while the Signatures are a blacklist that is built and maintained by F5 Networks. You can choose which signatures to enable or disable, and you can create custom signatures, but that must be handled largely outside of RPB. It has no impact either way on signature staging.