Forum Discussion
5 Replies
- Nuruddin_Ahmed_Cirrostratus
Hi,
You can, but it will not be a good idea. Suppose one application does not work due to a signature hit and you want to disable that signature; then it would be disabled for all the applications.
- Arnaud_LemaireEmployee
+1. What you could do is use templates for deployment; thus each app will have a dedicated policy which can evolve.
- John_BuchananNimbostratus
In addition to what the others said, my answer would be yes, but with some caveats. I have a single security policy in front of hundreds of VS's / applications; however, each application is simply a unique installation of our custom SIS application for varying customers. The code base is the same, signature requirements are identical, and any variations in parameters, etc. learned from a connection to Customer A's instance may also be applicable to Customer B, and so on. Even if they are not, there is not enough variation to justify the added work of maintaining unique policies for each customer VS. My plan is that should something pop up necessitating a unique configuration for a specific customer, then I'll move to a unique policy for that customer only. There are probably several ways to go about this, but what I'm doing works well for us.
- Vijith_182946Cirrostratus
The policy should entirely sync with the underlying web application and its architecture. I had thought about having a single policy during our initial configuration, but F5 recommended not to go for this unless each of the applications uses the same SDLC process and architecture. It will be difficult to manage at a later stage.
- F5findings_1446Nimbostratus
Thanks, guys, for your responses. I am still left with the question, as I need to deploy more than 100 applications in the ASM. From a configuration, troubleshooting & maintenance point of view, I am looking for a solution to deploy this.
Please comment if any of you have a solid approach or plan on this.
Thanks.