
ASM Real Traffic policy builder "tighten" settings

Hi experts, we have a security policy built using the automatic policy builder. Currently it is showing 47% complete. I was checking if it has any learning suggestions so far, so I went to Policy Building > Status (automatic) > details. If I expand the details under each category, let's say the first one, HTTP Protocol Compliance, it gives me a list of violations under it and then there's an "enable" button. When I hover my mouse over it, it says "accept the tighten rule". I am wondering what this means? Is it to enforce all these settings?

Under all these violations, it states Loosen: N/A and Tighten: Rule Satisfied.

I am on version 11.5.1 HF3.

Thanks


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Tighten simply means adding an explicit entry. For example, where you've got a wildcard file type, you can tighten the policy by adding explicit file types (.CSS, .HTML, .txt, etc.) and then removing the wildcard. The policy is now tightened.

N


Thanks Nathan. So does enable\tighten mean accept the violation? Something similar under manual traffic learning?

Comments on this Answer
Comment made 04-May-2015 by nathan 7289
Yes, I believe so.

I'm not sure about that... This is true for File Types and Parameters, but for HTTP Compliance and Evasion Techniques detected, for example, this enables the settings in the "Blocking Settings" section. Enabling those settings means start blocking non-compliant HTTP requests as soon as you are in Blocking Mode.

Comments on this Answer
Comment made 04-Jun-2015 by nathan 7289
Yoann, you are indeed correct. Answered this in haste, I suspect. To clarify: enable, tighten and accept are all different things. Tighten is as above, i.e. add explicit file types; Enable is to enable the violation; and Accept, where there isn't the concept of learning or tightening, needs either manual intervention or allows the violation and, in essence, removes Blocking.

Hello F5 Experts and F5, could you provide some document or video explanation of this process, please? The documentation is mostly version specific and I couldn't seem to find comprehensive information about all of these details. For my case I'm looking at Security > Application Security > Policy Building > Status >> Signature Stability >> Enforce signatures >> Action button. Does clicking this button mean that I will be enforcing all 2000+ signatures in the policy? Does not clicking this button mean that I am not enforcing all 2000+ signatures :( ? I see that the policy is in fact blocking but need to understand the extent of blocking a little better during the Real Traffic Policy Building process. For the example I'm looking at right now, the Real Traffic Policy Builder shows what looks to be 80% progress. We're running ASM 11.6. Thank you.
