cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

security policy

CHRISTY_THOMAS
Nimbostratus
Nimbostratus

Just check out a scenario...If a security policy learned the attributes of a web application completely and policy placed in BLOCKING mode, If web application team wants to deploy a newly created UI/module. What should be the procedure that I have to done in BIG IP ...

should I switch the enforcement mode to TRANSPARENT!!!! for automatic learning... Or there is any other solution without changing the already existing policy to transparent mode?

1 REPLY 1

Ivan_Chernenkii
F5 Employee
F5 Employee

Hello Christy,

 

To be on the safe side and to not block any user by possible false-positives you need to enable Transparent mode and back to Blocking mode after policy will be stabilized by automatic learning.

On the other hand, if it is acceptable that some users can be blocked by false-positive during short period of time, then you can leave system as is (with Blocking mode and automatic learning enabled) - in such case all false-positives will be disabled by automatic learning mode during time, which configured for it... or you can just send some test traffic to existing configuration to catch most false-positives by it.

Third option - if you know where exactly we had changes e.g. URLs or parameters and etc., then you can enable staging for appropriate entity or for appropriate pure (*) wildcard to avoid blocking in appropriate entity until it will be stabilized by automatic learning.

 

Thanks, Ivan