ASM Loading , Receiving configuration data from your device.

Question

Im trying to create a Security Policy (ASM) but the creation hang.....Loading , Receiving configuration data from your device.
Any help would be appreciated. Where should I look to find what is blocking the configuration process?&nbsp;
Security Policy Configuration Summary&nbsp;
Attack Signatures Configuration
SystemsGeneral
Database, Various systems, All systems, Microsoft Windows, BEA Systems WebLogic Server&nbsp;
Signature SetsAutomatically assigned set(s): Generic Detection Signatures&nbsp;
Following set will be created: Systems: Microsoft Windows, BEA Systems WebLogic Server&nbsp;
Signature StagingEnabled&nbsp;
Automatic Policy Building Configuration&nbsp;
Policy TypeFundamental&nbsp;
RulesPolicy Builder learning speed: Medium&nbsp;
Chance of adding false entities to the policy: Medium&nbsp;
Trusted IP AddressesN/A&nbsp;
Enable AJAX blocking response behaviorNo&nbsp;

charles_rosenbe · Answer

You don't mention which version-hotfix you are running.  Depending on that, there could be known bugs or other issues.&nbsp;
In general, you can look for GUI issues in &nbsp;
/var/log/httpd/httpd_errors&nbsp;
/var/log/tomcat/catalina.out&nbsp;
or general errors will be in &nbsp;
/var/log/asm&nbsp;
/var/log/ltm&nbsp;
I recommend taking a qkview and uploading it to iHealth to get some basic Heuristics run to see if there isn't something that it can catch.  It usually is a good starting point for some of the more common issues.&nbsp;

cdg · Answer

Thanks Charles....
Im running Running BIG-IP 11.5.1 Build 4.0.128 Hotfix HF4&nbsp;
I get this in httpd_errors&nbsp;
err httpd[7920]: [error] server reached MaxClients setting, consider raising the MaxClients setting&nbsp;
What would be the best practice numbers for the MaxClients setting?&nbsp;

cdg · Answer

https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9588.html

As per this article...I set the MaxClients Setting to 20.

cdg · Answer

Well my problem is not related to the creation a policy.
Even if I try to do an attack signature update after few minutes a get kick out from the Configuration utility (Unable to contact BIG-IP device).
I have to do a restart /sys service httpd to get the configuration utility back and running.&nbsp;
I will open a support case on this. &nbsp;

charles_rosenbe · Answer

That is probably going to be the best route.  Just for reference, are there multiple users administering the device?  Or, are you using a 3rd party tool to manage it?  How about the iControl REST API?  Or the older iControl XML/SOAP-based one?

Forum Discussion

ASM Loading , Receiving configuration data from your device.

5 Replies

Recent Discussions

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Related Content

Global Log Receiver

Http server node receives partial http request big-ip load balancer

Solution for delayed BIG-IP page load of the Configuration utility

Re: NGINX for Azure: Load Balancing

Deploying F5 BIG-IP with Azure Cross-region load balancer