Check1t_282465
Mar 19, 2018Nimbostratus
Automatic Policy Building Learning limitations
I created a policy and selected Fundamental attributes, learning Speed Medium. After creating, confirmed learning mode automatic and switched Enforcement from Blocking to Transparent. After saving, Policy type switched to Custom. I then added Trusted IP in IP Address exceptions (only checked trusted ip in checkboxes). I then connected to appliation with trusted IP and performed a number of actions. After logging off, checked F5. Found a) Changes to policy appear in audit log (parameters, file types, etc) b) I triggered 410 response, but still flagged as illegal response. Are response codes not part of learning?
c) There are a number of Suggestions submitted for Evasion Techniques HTTP protocol compliance recommend blcoking be turned on. To be expected? d) Changes not yet applied. Is this typical, or should the policy learning been automatically applied? Is this dependent on whether the Policy Type is custom or not?
For Version BIG-IP 12.1.2 Build 2.119.276 Engineering Hotfix HF2