NimbostratusMy company was going to make some major changes to the corporate website and I was wondering what would be the best approach to either making all new ASM policies or relearning what we already have in place?
any opinions would be greatly appreciated...
Here's an article I wrote on ASM Policy Building. It outlines several different methods for building out a new policy on the ASM. You could use the rapid deployment option and let the ASM "learn" traffic pattern, URLs, parameters, etc and then activate the new policy(ies).
NimbostratusThe policies already exist but they are in transparent mode, so would you say to just start new or relearn what I already have?
Are the policies configured the way you want? You could just simply put them in blocking mode and be good. Or, if they are not configured the way you would like, you could just start over with a new policy.
I've done both before...once I had a policy that was looking good and I just needed to put it in blocking mode, and another time I just needed to blow up the old one and start new.
If you have a staging/testing environment and you're not sure about the "goodness" of the configuration of your current policies, you could always turn them on in staging and see if they block appropriately.
Let me know if you have any other questions!
