Forum Discussion

rick_delaossa_2's avatar
rick_delaossa_2
Icon for Nimbostratus rankNimbostratus
Mar 07, 2016

ASM 11.5.3 Enforcement Readiness

Currently our ASM Security policy is learning in Transparent mode.

 

I am looking at the enforcement readiness summary, and want to enforce the "Ready To Be Enforced" Entities that it is suggesting.

 

My question is-If I choose to enforce these entities, it will not change the Security Policy to blocking automatically, right?

 

I want it to be able to continue to learn, and tune the policy without blocking anything. (we have another WAF that is blocking right now, but we are planning to replace it)

 

Point is- I want to make sure that when we make the switch and turn the F5 ASM to blocking mode, there will be zero to very very little user interruption if any. We are trying to make this as seamless as possible- including aligning the policies of the other WAF with the F5 ASM policies.

 

Thanks!

 

ASM Advanced WAF
security

1 Reply

Sort By
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Mar 07, 2016

    Rick, enforcing those entities won't change the policy mode from transparent to blocking. Those entities will just be removed from Staging.

     

    You can still learn and tune in transparent mode. Just ensure the blocking mask settings for the violations you are interested in have the Learn box checked. Then any violations will be identified in the Manual Traffic Learning section. Without having blocked any real traffic.

     

    You should continue to monitor the manual traffic learning section until you're confident no more false positives are being seen, then you can look to turn the policy to Blocking mode.

     

    Hope this helps,

     

    N