Forum Discussion

sk_330490's avatar
sk_330490
Icon for Nimbostratus rankNimbostratus
Dec 04, 2017

Fixing ASM signature updates after a short break

F5 ASM automatic signature updates are been failing from last 6 months and only been noticed now. Not bothered about why its failing. We are running version 12.1.0

 

1) As the signatures are not updated from last 4 months, we are very sceptical to update it now and all our policies are in blocking mode. We dont want the new signatures to block traffic after the successfull update. I read that it wont put the new signatures to blocking till the staging period ends. How do i make sure that this wont be enforced for next 30 days?

 

Will this enforce any change in existing signatures? Or it puts any changes to the existing signatures in staging as well?

 

How do i make sure we fix this issue without the new signatures causing trouble to our existing applications.

 

How do i get an import of the existing signature list from the problem device and compare it with the latest signature update which is available

 

application delivery
ASM Advanced WAF
BIG-IP
security

2 Replies

Sort By
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Dec 04, 2017

    I read that it wont put the new signatures to blocking till the staging period ends. How do i make sure that this wont be enforced for next 30 days?

    Check what the policy Enforcement Readiness Period is, you can update this to 30 days. Bear in mind, when the period ends, the items do not automatically start blocking, you need to Enforce them manually. For any signatures not triggered there will be an "Enforce Ready" option to enforce them all. Any that did trigger violations need to be investigated, if they are true positives then enforce them (i.e. uncheck Staging box from the signature properties). If they are false positives then you need to make a policy change.

    By default, only new Signatures are put in staging, however, there is a box you can check to add any updating signatures into staging too. Check the attack signature updating area of the GUI.

    How do i get an import of the existing signature list from the problem device and compare it with the latest signature update which is available

    There should be a readme file for each signature file, if i recall, this will outline all those signatures added/updated.

    Hope this helps,

    N

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Dec 04, 2017

    Any item that can be in staging, like a new parameter, is governed by the enforcement readiness period.