ltm policy asm_auto_l7_policy
Hi Experts, We are migrating WAF in an HA pair from i4800 to i5800, UCS is loaded successfully on new pair. while comparing the configurations i found on some policy on previous node the status was legacy and on new node the status is published. what's the difference please? the status is highlighted in red in below config. old node config ltm policy asm_auto_l7_policy__epsite.telenorbank.pk { controls { asm } last-modified 2023-12-08:23:19:30 requires { http } rules { default { actions { 1 { asm enable policy /Common/PTCL-cloud_WAF } } ordinal 1 } } status legacy strategy first-match7 } New Node config ltm policy asm_auto_l7_policy__epsite.telenorbank.pk { controls { asm } last-modified 2024-04-17:13:00:12 requires { http } rules { default { actions { 1 { asm enable policy /Common/PTCL-cloud_WAF } } ordinal 1 } } status published strategy first-match }35Views0likes0CommentsCannot remove manually configured L7 policy ASM
Dear All , I am trying to deactivate one of the active ASM policy which is not associated to Any VS , But getting below error "Cannot remove manually configured L7 policy" . Has anyone faced this before ? Any suggestions would be appreciated Thanks in advance !!!759Views0likes2CommentsSome questions about ASM module from a beginner
Hello Everyone, My company recently bought some ASM licences for our F5 Big IP and i'm in charge of defining the security policies but I have no experience in it so far and a read only account so it's pretty hard to run some tests and that's why i have some questions for you: 1/What's the difference between Transparent and blocking in Enforcement mod and what suits the most with both of them in signature set (learn/alarm/block)? 2/What does "staging signature" means? What if i dont set a signature set, what does the policy block? 3/ What's the difference between Block in policy (enforcement mod) and block in signature set option? Also correct me if i'm wrong but learn allows me to use the "manual traffic learning" option to see which threats the policy has detected and alarm is a log system-like? 4/What happen if i activate both block option? 5/Scenario that would be much alike what i will do to deploy my policies: I want to observe which threats and who are doing them on my VS already in production before deciding what to block, what would be the best configuration: Transparent as "enforcement mod", "attack signatures configuration" in learn/alarm mod with and ERP of let's say 30 days or something else? After finishing my analyzes, where can i see what have been signaled by the signatures and where can i decide if i block then or not. 8/What happen once the ERP is over? Do I have to change the enforcement mod once the analyse is over (Transparent ->blocking for exemple). Will my policy keep checking if new threat will be detected? I know it's a lot of questions to answer but i have no one else to turn to so thank you very much in advance. Regards,580Views0likes5CommentsASM - The difference between Real Traffic Policy Builder & Staging & Learn .
Hi All Who can particular tell me about three configuration the "difference" and "relationship". About their configuration path at ASM Web GUI: (1)Security ›› Application Security : Policy Building : Settings -> "Real Traffic Policy Builder" (2)Security ›› Application Security : URLs/Attack Signatures Configuration/Parameter .... ->"Perform Staging" (3)Security ›› Application Security : Blocking : Settings -> "Learn" Many Thanks D.LuoSolved579Views0likes8CommentsASM real time policy builder
Hi All, I have configured ASM policy manually and did not enabled ASM real time policy builder. In help it said "Enabled: Specifies that the Policy Builder is configured correctly and is currently processing traffic. Disabled: Specifies that the Policy Builder is not processing traffic. The Policy Builder continues to run in the background." What difference does it actually make in learning the traffic if it is enabled or disabled? Please help me understanding this. Thanks, Sekhar182Views0likes1CommentASM - Enforcement Readiness - Export from one ASM to another
We have an ASM in our Production Environment which we have security policies in Learning mode. There are Attack Signatures 'Ready to be Enforced' - We use our Prod Environment to learn (Real traffic hitting our VIPs) then take the learned attributes and build our policies in our QA ASM. Then we test our policies in QA before rolling them back out into Production. Question- In one case, I have 180 Attack Signatures 'Ready to be Enforced' in Prod. Is it possible to export or copy the 'Ready to be Enforced' Attack Signatures out of our Production ASM and import into our QA ASM? Such that once done, all the 'Ready to be Enforced' Attack Signatures that were in Production ASM now show up on our QA ASM? Thank you209Views0likes0Commentswhere does ASM store its policy configuration
was doing some trouble shooting on an ASM config sync issue and couldn't find the actual ASM policy content config anywhere in /config/. there is an entry in bigip.conf but that is just very basic, a few lines. did i overlook something or is it stored somewhere else?1KViews0likes11Comments