The policy builder has only reached 39 % even after 7 days of staging.

Question

Is it wise to change the tighten policy properties and loosen policy values ie the amount of source ip it should wait etc for inorder to fasten the process . The management is telling to fasten up the ASM implementation . can anyone give advice on how to do so, i have added manually as well some of the application related parameters, cookies and urls according to event logs and fiddler.The application we are doing now isn't that critical .

erik_novak · Answer

The fastest way to reach 100 percent is to configure a trusted IP address (ideally a machine you control and from which you send only safe, non-violation-generating traffic.) This will allow ASM to build the policy quickly and accurately. We realize that method is not always easy to implement, so the alternative is to keep attack signatures, parameters, file types, and any other entities in staging (the default when using automatic policy building) until you are satisfied that triggered violations are not false positives. To prevent blocking legitimate clients, you can enforce items gradually. Make sense?

Forum Discussion

The policy builder has only reached 39 % even after 7 days of staging.

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

iRule based RADIUS Health Monitor Builder

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

APM RDP Remote resource cannot be reached

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 5 - Working with Policy Builder)

promble with Perform Staging