Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Basic ASM Policy for Attack Signatures Only - apply to multiple VIPS

Chung_Yu
Nimbostratus
Nimbostratus

‎17-Dec-2020 10:15

Hi

 

I am wondering how to best manage ASM policy - most of the VIPS can use a basic policy that only checks for signatures. Now, if one of the VIPS using this policy has a false positive, how can I disable the signature for only that VIP and not for all the VIPS using this policy?

 

Thanks

 

C

Labels:
0 Kudos
3 REPLIES 3

Samir
MVP
MVP

‎17-Dec-2020 10:41

Options 1. Create copy of existing asm policy and customise per requirement. Now assign new asm policy to particular vip.​

Options 2. Use iRule and bypass certain signature id but not sure the feasibility.

 

0 Kudos

Erik_Novak
F5 Employee
F5 Employee

‎18-Dec-2020 06:45

You could create a Parent policy with attack signatures configured as optional. Use that parent policy as the basis for new policies. You can then disable the signature causing the FP, or leave it in staging, for that single policy only. The change will not affect the Parent policy or other policies based on the Parent.

0 Kudos

Chung_Yu
Nimbostratus
Nimbostratus

‎18-Dec-2020 06:55

Thanks guys, I have started to use a Parent policy as the base policy and build out the ASM on a per VIP basis.

 

Great input and thanks for validating some ops procedures for me.

 

REgards

 

Chung

0 Kudos
Copyright © 2023 Khoros, LLC