Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Multi Partition ASM Question

Question regarding ASM - Version 11.6.3 - If I'm running Multiple Partitions on the F5. Will the attack signatures only update the partition that I requesting them to be updated on. If coming into an environment where the signatures are set to manual and haven't been updated for over a year, should I be concerned about downloading new ones without creating an impact to the environment? Has anyone performed any updates with a long pause in between manual updates?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Partitions are a concept of segregating virtual servers and other objects but it does not segregate many items such as the attack signature database.

Being that you are on 11.6, the following is true:

https://support.f5.com/csp/article/K8217

When signatures are updated in BIG-IP ASM 11.0.0 and later, new signatures are placed in staging (non-blocking) where as updated and unchanged signatures remain in the configured mode (blocking).

So to reiterate, your only danger is attributed to the updated signatures causing false positives. You don't have to worry about the brand new signatures as they'll be put into staging.

Ensure that learning suggestions aren't disabled (auto or manual will work) and be ready to resolve those false positives.

0