Forum Discussion
Dianna_129659
Nimbostratus
Nimbostratusseparate security policy for each virtual server
We have a vs for http and another vs for https. Is it possible to assign a different security policy to each vs? In other words, I would have 2 active security policies, one for vs1 and another for vs2. I welcome any knowledge shared about this. Many thanks, Dianna
shaggyyes, that is definitely possible. ASM security policies are usually assigned per-virtual-server. What version of BIGIP code are you running?
Dianna_129659Hi Shaggy. Thanks for your help. When I tried to create a new policy using the current policy as a template, or by exporting and importing, each time I tried to make the new policy active, it tried to replace the current policy. We have version 11.3. Thanks, Dianna
natheCirrocumulus
Yes I seem to recall export/import is not as straight-forward as you hope. Without my lab in front of me does it help if you import to Inactive Policies list first and then activate it? I think then you can assign to a virtual server. If not, in the past I recall I had to create a dummy policy (just go through the wizard and apply to other VS) and then import the policy over the new active one. Hope this helps. N
- Dianna_129659
I had tried pulling it into the Inactive Polices, but was unable to activate from there also. Same replace issue. I like your idea of creating a dummy policy and then importing the new policy over that one. Thanks!
- natheYes. That should work. I think it's because you need to be in a policy area to replace it...if that makes sense?!?
- Dianna_129659I will work on this soon, and reply to let people see if this worked. Thanks for your suggestion!