asm policy configuration
8 Topics

Where does ASM store its policy configuration
Was doing some troubleshooting on an ASM config sync issue and couldn't find the actual ASM policy content config anywhere in /config/. There is an entry in bigip.conf, but that is just very basic, a few lines. Did I overlook something, or is it stored somewhere else?
999 Views, 0 likes, 11 Comments

Cannot remove manually configured L7 policy ASM
Dear All, I am trying to deactivate one of the active ASM policies, which is not associated with any VS, but I am getting the error below: "Cannot remove manually configured L7 policy". Has anyone faced this before? Any suggestions would be appreciated. Thanks in advance!
699 Views, 0 likes, 2 Comments

ASM - The difference between Real Traffic Policy Builder & Staging & Learn.
Hi All, who can tell me in particular about the "difference" and "relationship" between three configurations? Their configuration paths in the ASM Web GUI:
(1) Security ›› Application Security : Policy Building : Settings -> "Real Traffic Policy Builder"
(2) Security ›› Application Security : URLs/Attack Signatures Configuration/Parameter .... -> "Perform Staging"
(3) Security ›› Application Security : Blocking : Settings -> "Learn"
Many Thanks, D.Luo
Solved, 562 Views, 0 likes, 8 Comments

Some questions about ASM module from a beginner
Hello Everyone, my company recently bought some ASM licences for our F5 Big IP and I'm in charge of defining the security policies, but I have no experience in it so far and a read-only account, so it's pretty hard to run some tests, and that's why I have some questions for you:
1/ What's the difference between Transparent and Blocking in Enforcement mode, and what suits both of them best in the signature set (learn/alarm/block)?
2/ What does "staging signature" mean? What if I don't set a signature set, what does the policy block?
3/ What's the difference between Block in policy (enforcement mode) and block in the signature set option? Also, correct me if I'm wrong, but learn allows me to use the "manual traffic learning" option to see which threats the policy has detected, and alarm is like a log system?
4/ What happens if I activate both block options?
5/ Scenario that would be much like what I will do to deploy my policies: I want to observe which threats there are and who is doing them on my VS already in production before deciding what to block. What would be the best configuration: Transparent as "enforcement mode", "attack signatures configuration" in learn/alarm mode with an ERP of, let's say, 30 days, or something else? After finishing my analysis, where can I see what has been signaled by the signatures, and where can I decide if I block them or not?
8/ What happens once the ERP is over? Do I have to change the enforcement mode once the analysis is over (Transparent -> Blocking, for example)? Will my policy keep checking if new threats are detected?
I know it's a lot of questions to answer, but I have no one else to turn to, so thank you very much in advance. Regards,
556 Views, 0 likes, 5 Comments

ASM - Enforcement Readiness - Export from one ASM to another
We have an ASM in our Production Environment in which we have security policies in Learning mode. There are Attack Signatures 'Ready to be Enforced'. We use our Prod Environment to learn (real traffic hitting our VIPs), then take the learned attributes and build our policies in our QA ASM. Then we test our policies in QA before rolling them back out into Production.
Question: In one case, I have 180 Attack Signatures 'Ready to be Enforced' in Prod. Is it possible to export or copy the 'Ready to be Enforced' Attack Signatures out of our Production ASM and import them into our QA ASM, such that once done, all the 'Ready to be Enforced' Attack Signatures that were in the Production ASM now show up on our QA ASM? Thank you
206 Views, 0 likes, 0 Comments

ASM real time policy builder
Hi All, I have configured an ASM policy manually and did not enable the ASM real time policy builder. In help it said:
"Enabled: Specifies that the Policy Builder is configured correctly and is currently processing traffic. Disabled: Specifies that the Policy Builder is not processing traffic. The Policy Builder continues to run in the background."
What difference does it actually make in learning the traffic if it is enabled or disabled? Please help me understand this. Thanks, Sekhar
177 Views, 0 likes, 1 Comment

ltm policy asm_auto_l7_policy
Hi Experts, we are migrating WAF in an HA pair from i4800 to i5800; the UCS loaded successfully on the new pair. While comparing the configurations, I found that for some policies the status was legacy on the previous node and is published on the new node. What's the difference, please? The status is highlighted in red in the config below.

Old node config

ltm policy asm_auto_l7_policy__epsite.telenorbank.pk {
    controls { asm }
    last-modified 2023-12-08:23:19:30
    requires { http }
    rules {
        default {
            actions {
                1 {
                    asm
                    enable
                    policy /Common/PTCL-cloud_WAF
                }
            }
            ordinal 1
        }
    }
    status legacy
    strategy first-match7
}

New node config

ltm policy asm_auto_l7_policy__epsite.telenorbank.pk {
    controls { asm }
    last-modified 2024-04-17:13:00:12
    requires { http }
    rules {
        default {
            actions {
                1 {
                    asm
                    enable
                    policy /Common/PTCL-cloud_WAF
                }
            }
            ordinal 1
        }
    }
    status published
    strategy first-match
}

46 Views, 0 likes, 0 Comments