Merging two policies with conflicting settings.

Question

Hi;&nbsp;
When I merge a policy2 with Enforcement Mode of block and disabled signature staging with policy1 with Enforcement Mode of transparent and enabled signature staging. The merging is to be Automatic with maintaining the conflicting settings on each policy.&nbsp;
What would be the resultant setting here?&nbsp;
would it be transparent/staging enabled? My working colleague is telling me it is Blocking/staging enabled.&nbsp;
Kindly
Wasfi&nbsp;

chris_grant · Answer

Because these are both global settings you can't have a mix and match. Any time you merge policies you should review the resulting policy for potential problems. Our documentation on this is very old, but it appears that if either policy has staging enabled, staging will be enabled on the attack signatures in the new policy. Some decisions depend on which is the primary policy and which is the secondary, and it is not clear if the global blocking setting is one of these. I would not say that your findings are unexpected, though.

Forum Discussion

Merging two policies with conflicting settings.

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Setting up BIG-IP with AWS CloudHSM

Setting up persistence in F5 XC

Set HTTP version