cancel
Showing results for 
Search instead for 
Did you mean: 

Device ID - Bot/Dos Profile

Sushant
Altostratus
Altostratus

Will F5 generate any device id to the client if it is still in transparent mode ? Will my Device ID work in DOS profile if my Bot profile is still in transparent mode ? As for device id to work in context of DOS profile it must be configured under Bot profile as said so.

0691T00000CpOgQQAV.png

1 ACCEPTED SOLUTION

Hi Sushant,

 

it will be generated in Transparent mode, but you have to enable "Verification and Device-ID Challenges in Transparent Mode".

0691T00000CpPtpQAF.pngKR

Daniel

View solution in original post

8 REPLIES 8

AlexBCT
MVP
MVP

Hi Sushant,

 

Yes, this should still be generated. The main difference between Transparent mode and Blocking mode is that it won't take any action, but the process of getting and logging information stays the same.

 

Hope this helps.

Hi Sushant,

 

it will be generated in Transparent mode, but you have to enable "Verification and Device-ID Challenges in Transparent Mode".

0691T00000CpPtpQAF.pngKR

Daniel

Hi Daniel,

 

That is what I was wondering about . Thank you AlexBCT and Daniel.. One more thing is there any possible way of verifying device id that is being allocated to the client ? any kind of log or anything ?

In Security ›› Event Logs : Application : Requests you will find information like Source IP, Device ID, Geolocation. You can forward that to some sort of SIEM and build a nice dashboard or view.

That's what you're trying to achieve?

yes I am going to try out with ELK stack Daniel

Daniel, Device ID not being displayed in the log side. any solution for this ?

Did you, in the logging profile under section Bot Defense, enable Log Device ID Collection Request?

I am using the default Log all requests profile and a custom Bot Defense logging profile with all checkboxes ticked.

 

0691T00000CpQazQAF.pngWith this config I can see it in Security ›› Event Logs : Bot Defense : Bot Requests when showing All Details (not in Basic view) and also in Security ›› Event Logs : Application : Requests.

I just changed it from GENERATE AFTER ACCESS TO GENERATE BEFORE ACCESS. I could see then see the Device ID in the log . Let me even try the logging part as I have not enable the Bot logging part as well....