Forum Discussion

CHRISTY_THOMAS
Jun 01, 2020

security policy

Just check out a scenario... If a security policy has learned the attributes of a web application completely and the policy is placed in BLOCKING mode, and the web application team wants to deploy a newly created UI/module, what procedure do I have to follow in BIG-IP ...

Should I switch the enforcement mode to TRANSPARENT for automatic learning? Or is there any other solution without changing the already existing policy to transparent mode?

1 Reply

  • Hello Christy,

    To be on the safe side and not block any users with possible false positives, you need to enable Transparent mode and go back to Blocking mode after the policy has been stabilized by automatic learning.

    On the other hand, if it is acceptable that some users may be blocked by false positives for a short period of time, then you can leave the system as is (with Blocking mode and automatic learning enabled). In that case all false positives will be disabled by automatic learning over the time configured for it... or you can just send some test traffic to the existing configuration to catch most false positives with it.

    Third option - if you know exactly where the changes were made, e.g. URLs or parameters, etc., then you can enable staging for the appropriate entity or for the appropriate pure (*) wildcard to avoid blocking on that entity until it is stabilized by automatic learning.

    Thanks, Ivan