Evaluate WAF Policy with BIG-IQ Policy Analyzer

Introduction

With BIG-IQ 8.0, F5 introduced a policy analyzer feature for web application security. It allows you to have an evaluation of your policy with respect to F5 recommended practices. It results in giving your team suggestions on enhancing your application’s security posture from a Web Application Firewall perspective.

This article will take you through the process of using the Policy Analyzer feature. The resulting report can be exported to PDF for wider consumption.

Using the Policy Analyzer

The “Policy Analyzer” feature is available from the Configuration menu on BIG-IQ. Ensure that you login to the BIG-IQ web interface with sufficient privileges to access and view the Application Security Policies and their contents.

 

The figure below shows how to access the policy by

  • selecting the Configuration tab,
  • highlighting the Security menu,
  • expanding the item labelled Web Application Security
  • Selecting the Policies

The analyzer feature is available from the “More” menu as shown below:

The Policy Analyzer screen provides the 4 main sections outlined below:

The Security Score shown above provides a synthetic assessment of the policy based on the severity and number of recommendations. 

To look into more detail, refer to the recommendations table shown in the figure below.

From the screen above, you can select and choose to ignore the recommendations. You can also click on the recommendation to access the feature configuration screen directly. This will allow you modify the policy directly from the Analyzer screen. For example, clicking on the “More than 10% or attack signatures are in staging (…)” entry, points to the policy configuration screen shown below:

This allows you to review and hone your policy accordingly and adhere to recommended practices. Once the changes are made, makes sure to Save & Close  .

Keep in mind that you will need to go through the policy deployment process for the policy to become effective on the BIG-IP. (Deployment >> Web Application Security). 

Conclusion

BIG-IQ’s Policy Analyzer can be used to gain better visibility into your security posture from one central location for your entire application security infrastructure.   The insights provided by the Policy Analyzer Tool provide a starting point to gaining visibility in the efficacy of the protection in place.


Published Mar 18, 2021
Version 1.0
ASM Advanced WAF
BIG-IQ
security
series-visibility-and-orchestration-with-f5
WAF Policy Analysis

Was this article helpful?