Forum Discussion

draco_184361's avatar
draco_184361
Icon for Nimbostratus rankNimbostratus
Nov 15, 2017

ASM policy building

Hi

 

I am going to start deploying ASM policies for some applications in a site. Is there any document regarding what all information should be taken from the application team before starting off with the policy building on F5 ? I understand we need the web server , database server, framework details ,.//what else ?It would be of great help. Thank you.

 

5 Replies

  • i would really advise to involve your f5 partner in such a project, having experience is worth a lot on ASM, else it will most likely be a long and difficult road.

     

    also be sure to involve the application / web team, ASM projects done by only the network / firewall guys usually don't go that well.

     

  • Make sure you understand the data being exchanged.

     

    In particular, XML and JSON content profiles need be applied to the appropriate URLs/Content-Types.

     

  • Kel's avatar
    Kel
    Icon for Nimbostratus rankNimbostratus

    Something you may also want to do is get input from Security folks i.e. be able to cover your Organisational's security requirements which will translate to which settings you switch-on in your policy. A report from Application vulnerability assessment can also give you helpful answers.