on 28-Sep-2020 14:29
This article is useful for BIG-IP/BIG-IQ users familiar with web application security, including application security professionals and infrastructure management operators.
Centralized Policy Building (CPB) is a feature specific to BIG-IQ. It allows security administrators to create, deploy and manage web application firewall (WAF) policies on BIG-IP devices. The policy building can occur manually or automatically. This feature is comparable to the on-box policy building feature available on BIG-IP and is better suited for distributed environments.
This article focuses on the configuration of the central learning feature for web application security policies in BIG-IQ. It will take you through the different steps to create, deploy and manage the WAF policy, as well as the appropriate logging profile.
The virtual server and other related elements, such as profiles and pools, are configured using the Applications framework, leveraging AS3.
The steps are documented for the operator to use the BIG-IQ web user interface (webUI) to manage the WAF policy. The creation of the virtual server object can be done directly from the BIG-IQ webUI or through a simple REST call (leveraging the Postman™ client https://www.postman.com/product/api-client/).
The following pre-requisites must be met in order to follow the procedures outlined below:
The procedure detailed below goes over the following main steps on BIG-IQ:
For the following steps, it is assumed that the operator is logged in to the BIG-IQ CM webUI and has the necessary administrative rights to create, update and delete web application security configuration as well as create applications. BIG-IQ accommodates fine-grained role-based access control (RBAC) to assign different roles to different users, e.g. a security administrator role for policy management and an application administrator role for other aspects of the configuration. This is beyond the scope of this article; more information is available here.
You are now ready to deploy the application using AS3.
You are now able to send test traffic to the application. Feel free to use the f5-waf-tester tool available here.
Now that traffic is going to the application, let's take a look at what BIG-IQ provides in terms of visibility.
BIG-IQ provides the ideal platform to enable security operations independently from the devops group. The multiple personas can run their tasks independently and effectively, gaining granular visibility into application performance, security, and overall status.
Please note that the above steps are also used in an F5 CloudDocs Lab available by following this link.