ASM Best Practice for Major Web Site Updates
We are planning an ASM deployment, and we expect one of the web servers will have periodic significant upgrades. We are trying to determine what our approach will be when that happens. We're assuming in the mean time the policies will be converted into enforcement mode with signature staging enabled. I've been searching but haven't found a clear recommendation on this.
Should we re-enable Policy Builder prior to the update so that it starts learning any new file types, URLs, etc. that the policy hadn't seen before, and then disable PB once there's been enough traffic to validate those new elements? I don't really think we want to move the policy back to Transparent Mode because then we won't be blocking anything.
Thanks for any assistance.