Forum Discussion
For experienced ASM administrators I always recommended that a policy be in blocking mode from the start whether building in production or preproduction environment . This is in fact what the Fundamental and Comprehensive deployment templates do beginning with v13.0. With the policy properly configured there is no issue with ASM blocking requests in this state since all attack signatures are in staging by default and if you are learning entities (file types, urls, parameters, etc) they are also in staging after accepting them into the policy. Staging prevents blocking at a more granular level (per signature/entity) and gives you time to sort out false positives before enforcing (disabling staging) a signature/entity. The advantage with this approach is that as you gradually enforce elements of the policy you increase the application security. When building a policy this way it is important to be aware that there are some elements of the policy which do not have the staging option. For example, if the violations under the Policy General Features, HTTP protocol compliance, and Evasion technique detected are enabled and set to block then ASM will will block traffic that triggers them. You should disable the violations or disable blocking for them until you confirm they will not cause false positives.
All that being said, if you do not have much experience with ASM then using transparent mode is the safest way to go.