DenverRB_326662
Aug 23, 2018

Multi Partition ASM Question

Question regarding ASM - Version 11.6.3 - If I'm running multiple partitions on the F5, will the attack signatures only update the partition that I am requesting them to be updated on? If coming into an environment where the signatures are set to manual and haven't been updated for over a year, should I be concerned about downloading new ones without creating an impact to the environment? Has anyone performed any updates with a long pause in between manual updates?

1 Reply

  • Partitions are a concept of segregating virtual servers and other objects, but they do not segregate many items, such as the attack signature database.

    Being that you are on 11.6, the following is true:

    https://support.f5.com/csp/article/K8217

    When signatures are updated in BIG-IP ASM 11.0.0 and later, new signatures are placed in staging (non-blocking), whereas updated and unchanged signatures remain in the configured mode (blocking).

    So to reiterate, your only danger is attributed to the updated signatures causing false positives. You don't have to worry about the brand new signatures as they'll be put into staging.

    Ensure that learning suggestions aren't disabled (auto or manual will work) and be ready to resolve those false positives.