Before you can create a security policy, you must perform the minimal system
configuration tasks including defining a VLAN, a self IP address, and other tasks
required according to the needs of your networking environment.
If you want to create a security policy for one of the commonly used enterprise
applications, you can use application-ready templates to create the policy quickly. The
Deployment wizard takes you through the steps required.
On the Main tab, click
The Active Policies screen opens.
Click the Create button.
The Deployment wizard opens to the Select Local Traffic Deployment
For the Local Traffic Deployment Scenario setting,
specify a virtual server to use for the security policy.
The virtual server represents the web application you want to protect.
The Configure Local Traffic Settings screen opens if you are adding a
virtual server. Otherwise, the Select Deployment Scenario screen
- To secure an existing virtual server that has no security policy
associated with it, select Existing Virtual Server
and click Next.
- To create a new virtual server and pool with basic configuration
settings, select New Virtual Server and click
- To create an active but unused security policy, select Do not
associate with Virtual Server and click
Next. No traffic will go through this security
policy until you associate it with a virtual server. The Policy Builder
cannot begin automatically creating a policy until traffic is going to ASM
through the virtual server.
If adding a virtual server, configure the new or existing virtual server, and
The name of the virtual server becomes the name of the security policy.
The Select Deployment Scenario screen opens.
- If creating a new virtual server, specify the protocol, name, virtual
server destination address and port, and pool member IP address and port.
- If using an existing virtual server, it must have an HTTP profile and
cannot be associated with a local traffic policy.
- If you selected Do not associate with Virtual
Server, you will have to manually associate the security
policy with a virtual server at a later time. On the policy properties
screen, you need to specify a name for the security policy.
For Deployment Scenario, select Create a
policy manually or use templates and click
The Configure Security Policy Properties screen opens.
From the Application Language list, select the language
encoding of the application.
Important: You cannot change this setting after you have created the
From the Application-Ready Security Policy list, select
the security policy template to use for your enterprise application.
For the Staging-Tightening Period setting, retain the
default setting of 7 days.
Staging and tightening allows you to test the security policy entities for
false positives without enforcing them.
The security policy provides learning suggestions when requests are
processed that do not meet the security policy entity's settings, but the
security policy does not alert or block that traffic, even if those requests
The Security Policy Configuration Summary screen opens.
Review the settings for the security policy. When you are satisfied with the
security policy configuration, click Finish.
The system creates the security policy and opens the Properties screen.
When you first create the security policy, it operates in transparent mode (meaning
that it does not block traffic). When the system receives a request that violates the
security policy, the system logs the violation event, but does not block the