Forum Discussion

Steph_282542's avatar
Steph_282542
Apr 17, 2017
Solved

Why "Do not enable both staging and Add All Entities in the same wildcard entity" ?

Reading the documentation I often find the recommendation:   "Do not enable both staging and Add All Entities on the same wildcard entity" But the reason why is not given. Can someone explain ...
ASM Advanced WAF
security
staging
wildcard
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Apr 18, 2017

    Mode: Add all Entities

     

    In this mode the wildcard allows ASM to learn new entities. When the policy is enforced the wildcards will be removed. So enabling staging on the wildcard serves no purpose since its going to be removed anyway. Anything the wildcard itself may have learned in staging will disappear when they are removed. Its just adding more work for ASM thats not needed.

     

    As ASM learns new entities in this mode they are added in staging and they immediately begin the Enforcement Readiness Period. During this time ASM watches for any attributes of an entities that may need to be adjusted. If they do, the clock starts over. It is not until the end of the Enforcement Readiness Period, where no changes have been suggested for the attributes, is when ASM will recommend you enforce an entity.

     

nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Apr 18, 2017

Steph, this is because Staging tunes an entity once it's in a policy. If you are adding all entities then there is no need to tune the wildcard, you tune the specific entities e.g. file types.

 

Let's take File Types. If you select "Add all entities" you will be prompted to add the file types in the learning process. Once in the policy, staging is enabled so they can be tuned for the file type properties i.e. URL Length, Request Length etc. Potentially each file type will have a different set of properties. Whist in staging no traffic will be potentially blocked and, once you're happy that there have been no violations you can take a file type out of staging. If a wildcard is in staging as well, then effectively you will change the length properties for the wildcard based on all the different file types length properties - which isnt what you would want.

 

Hope this makes sense.

 

N