Forum Discussion

sandy16
May 13, 2015

Enforce in blocking mode

Hi experts, we have put a security policy on ASM on ver 11.5.1 in blocking mode. When I go to Overview > Application > Action items > suggested action items, I do see it suggesting that URLs/Cookies/Signatures are still ready to be enforced. Now this is strange: as soon as you change the policy mode to "blocking" and set the enforcement readiness period to "zero", shouldn't all of them be automatically enforced?

4 Replies

  • If you built the policy automatically using the Policy Builder and the Policy Builder is still enabled for this security policy, then yes, the items you mention would be enforced (otherwise known as "take out of staging") automatically.

    However, if the policy was created manually or the automatic builder has been disabled, then you must manually enforce these items.

    This allows you to have a security policy in blocking mode and add new entities in staging, giving you time to test for false positives.

  • Thanks Scott, the policy was manually configured, so we will enforce these entities manually. Question: let's say a new file type was configured on the servers, will the ASM now block it and give a learning suggestion for it under manual learning?

    • nathe
      Possibly, if you haven't got a wildcard file type and the learn box for illegal file type is checked.
  • Does the allowed file types list contain a * wildcard entry? If so, then ASM will not block new file types and it will show a manual learning suggestion.

    If there is no wildcard entry in allowed file types then yes, ASM will block any file extension that is not on the allowed list and also show a learning suggestion.