The BIG-IP Application Security Manager Part 2: Policy Building

This is the second article in a 10-part series on the BIG-IP Application Security Manager (ASM). The first article in this series discussed the basics of the BIG-IP ASM...what it is, why you need it,...
Published Sep 04, 2013
Version 1.0
ASM Advanced WAF
policy building
security
tech tip
ltwagnon's avatar
ltwagnon
Ret. Employee
Sep 06, 2013
Chifo, thanks for the question!

 

 

When discussing policy building, it's hard to say that one policy deployment option is better than another. However, there are some benefits to the manual deployment option:

 

 

- more visibility on policy configurations

 

- more control for administrators

 

 

But, when you allow more control and visibility, you run the risk of missing something in your configurations. That's one of the key benefits of the automatic deployment option...if you aren't sure what buttons to push, boxes to check, etc, you can simply build out the policy using the automatic option and let the ASM configure everything for you.

 

 

So, it's a bit of a balancing act as to which one is right for you. If you have an ASM admin who really knows the details of the application(s) being protected, I'd say the manual option might be better. But, if the ASM admin is fairly new to the application(s), the automatic option might be the way to go so that you don't miss anything.

 

 

Also, keep in mind that you can always change configurations after the policy is built, so if you choose the automatic option (or the manual option for that matter) and then figure out you need to change some things, you can always do that.

 

 

Let me know if you need any other info...thanks again for the great question!

 

 

John