NimbostratusMy steps:
Local Traffic > Virtual Serves: Virtual Server List > Server_Name,
Open the Server Info,
Click Security,
Click Policies,
I want to change the "Application Security Policy" section but I do not see the drop down to show my policies. I see "Manual Configuration (Advanced)"
What does that mean and how can I fix it?
AltostratusZeus,
This means that your virtual server has either a custom local traffic policy (also know as layer 7 or L7 policy) configured or that a L7 policy was manually assigned to the virtual server. It is the L7 policy which directs http request to the ASM security policy. With ASM if you assign a security policy directly to the VS first then bigip creates a an "auto_L7...." local traffic policy and assigns it to the VS also. With this configuration you can manage the security policy VS assignment directly from Security>Policies.
If you assign an L7 policy to the VS (or customize the default rule in the L7 policy) before assigning a security policy then you will see the message "manual configuration" under Security>Policies and be unable to change security policies there. You must modify the L7 policy to change the security policy that is used.
To see which L7 policy is assigned to the VS go to VS properties>Resources tab>Policies list.
To modify the L7 policy Local Traffic>Policies>Policy List.
What is it that you need to do?
NimbostratusHi Scott,
I also have same scenario in my environment.
According to your suggestion I tried to modify ASM policy which was assigned to VIP from L7 policy Local Traffic>Policies>Policy List.
I had opened policies and also default rule in L7 policy.
In default rule there is traffic mactch crieteria and enable ASM option is there. Also in dropdown list of ASM policy are show.
When I want to change to different ASM policy and I select it. When i went to save it by clicking save tab it is shown as grade out. It will not allow me to save OR do any asm policy change.
I am user with Administrative rights.
This issue I was faced multiple time. When I delete L7 LTM policy then it will allow me. Kindly reply is any way to update this.
CirrocumulusTushkar,
As the L7 policy is published then you'll need to make a draft of it first. Click on the policy you want to change the ASM policy and click on Create Draft. Once you've done this click on the policy in the Draft Policies section. You can then make your changes to the rules and save this. Once it's saved then you can either Save Draft or Save and Publish Policy, this will override the original one with the new one.
See if this helps,
N
CirrusZeus,
if you want to unassigned the policy to the service, please do the following: -Go the Virtual Server --> Resources - under the iRule there is another part related to the Policies; under the Policies you can find something like that /Common/asm_auto_l7_policy_YOUR-SERVICE-NAME - click on manange --> Resource Management --> select your service policy name from ENABLED and then click on >> arrow to right, then save.
thanks