AltostratusBIG IP F5 is not learning anything once I start to use customized port. This is mainly for API traffic where source come through site to site vpn querying the api having customized port. My API virtual server will be listening to customized port like 8888. LTM is working but not in the context of using HTTP profile which is required for AWAF to work as far as my knowledge is concerned.
CirrostratusHttp Profile is must to attach waf profile to virtual server.
without http profile LTM wont have L7 visibility.
http profile will work with any custom port unless its http protocol.
AltostratusHello ragunath,
Yes, http is a must attach inorder for L7 inspection to happen but once i place my virtual server with HTTP profile , it doesnt work at all .
MVPHi ,
as mentioned above, a HTTP profile is required. You could check how the learning settings are configured in your policy. What entities are learned (URL, file type, cookies, parameters) and also check the setting for Policy Building Learning Mode.
Next take a look at K15530590, it will explain to you which type of Security Policy templates exist and what entities are learned by default and at which level of granularity the AdvWAF will learn them.
Additionally read the manual about learning: BIG-IP Application Security Manager: Implementations Refining Security Policies with Learning.
For me it is a good comparison to have "Log all requests" enabled while troubleshooting. You can compare the requests log vs. the new learning suggestions.
Hope this helps.
KR
Daniel
AltostratusHello Daniel,
The virtual server will learn traffic if I tend to use port 80 as my virtual server listening port. If I use customized port then the application itself wont work incase of using HTTP as my profile. If I remove the HTTP profile it will work even with the customized port.
MVPSo it is not the traffic learning that stops when you change from 80 to 8888 but the whole traffic processing stops?
Where do you change to port 8888? On the VS or on the pool member?
Can you do a tcpdump to analyze why traffic processing stops?