Manual Chapter: Activating and Deactivating Security Policies

Overview: Activating and deactivating security policies

When you use the Deployment wizard to create a security policy, it is created as an active security policy. You can have up to 249 active security policies on a BIG-IP® system. You can view the list of active security policies in Application Security Manager™ (ASM). The policy that you are currently working on is selected in the list, and on many of the ASM™ screens, it is specified as the current edited policy.

To be actively securing traffic, a security policy should be associated with a virtual server and a local traffic policy. When you create a security policy that uses an existing or new virtual server, the policy is automatically associated with a virtual server and a default local traffic policy. You can edit the local traffic policy, but then it becomes a custom local traffic policy. You can also create a security policy that is not associated with a virtual server, and it is listed in the active security policies.

If you are no longer using a security policy or if you want to delete it, you must deactivate the policy first. You deactivate a security policy from the list of active policies. However, you cannot deactivate a security policy that is associated with a virtual server and a custom (not default) local traffic policy. You need to remove all mention of the security policy from the local traffic policy and virtual server before you can deactivate the security policy.

Once the security policy is deactivated and moved to the list of inactive security policies, you can select it and delete it.

Deactivating security policies

If you no longer want to use a security policy, you can deactivate it. You must also deactivate a security policy before you can delete it. Deactivating a security policy makes it inactive.
  1. On the Main tab, click Security > Application Security > Security Policies. The Active Policies screen opens.
  2. Select the security policy you want to deactivate.
  3. Click Deactivate, and then click OK when prompted to confirm your action. If a custom local traffic policy refers to the security policy, the security policy is not deactivated. You need to first remove mention of the security policy in the associated local traffic policy rules.
If a default local traffic policy is associated with the security policy, the system disassociates the local traffic policy first, then deactivates the security policy. The system moves the security policy to the Inactive Security Policies list, and permanently deletes all of the request log entries generated by the deactivated security policy.
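The deactivation rules above, written out as a pre-change check. This is an added example, not F5 code and not a BIG-IP API: the classes, field names, and sample inventory are hypothetical and constructed for illustration. It reports what blocks a deactivation, and lists the permanent request log deletion as an explicit step so it can be weighed before the change.

```python
from dataclasses import dataclass, field

# Constructed, hypothetical data model: these classes are not a BIG-IP API.
@dataclass
class LocalTrafficPolicy:
    name: str
    is_default: bool                      # False once the default has been edited (custom)
    asm_policy_refs: set = field(default_factory=set)

@dataclass
class SecurityPolicy:
    name: str
    active: bool
    request_log_entries: int = 0

def plan_deactivation(policy, traffic_policies):
    """Return (allowed, steps, blockers) for deactivating `policy`."""
    if not policy.active:
        return False, [], [f"{policy.name} is already inactive"]
    refs = [t for t in traffic_policies if policy.name in t.asm_policy_refs]
    blockers = [f"custom local traffic policy {t.name} still refers to {policy.name}"
                for t in refs if not t.is_default]
    if blockers:                          # system refuses until the rules are cleaned up
        return False, [], blockers
    steps = [f"disassociate default local traffic policy {t.name}" for t in refs]
    steps.append(f"move {policy.name} to the Inactive Security Policies list")
    if policy.request_log_entries:        # irreversible side effect of deactivation
        steps.append(f"permanently delete {policy.request_log_entries} request log entries")
    return True, steps, []

def can_delete(policy):
    """Only inactive policies can be deleted."""
    return not policy.active

# Constructed sample inventory.
LTPS = [
    LocalTrafficPolicy("ltp_shop_default", True, {"shop_policy"}),
    LocalTrafficPolicy("ltp_api_custom", False, {"api_policy"}),
]
SHOP = SecurityPolicy("shop_policy", True, request_log_entries=1200)
API = SecurityPolicy("api_policy", True, request_log_entries=40)
OLD = SecurityPolicy("old_policy", False)

if __name__ == "__main__":
    for p in (SHOP, API, OLD):
        print(p.name, plan_deactivation(p, LTPS), "deletable:", can_delete(p))
```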

Activating security policies

If you want to resume using an inactive security policy, you can activate it and re-associate it with a virtual server and local traffic policy.
  1. On the Main tab, click Security > Application Security > Security Policies > Inactive Policies. The Inactive Policies screen opens showing security policies that were deactivated or imported from another system (as an inactive policy).
  2. Select the security policy you want to activate.
  3. Click Activate. The Activate Policy screen opens.
  4. For Activation Type, specify whether to associate a virtual server with the security policy.
    • To activate the security policy using the virtual server from another active security policy, click Replace policy associated with virtual server. For Replaced Policy, select the name of the security policy you want to replace.
    • To wait until later to associate a virtual server with the security policy, click Do not associate with virtual server.
  5. Click Activate.
The system moves the security policy to the Active Security Policies list. If you associated the security policy with a virtual server, application security is enabled on the virtual server and the system creates a default local traffic policy. The security policy you activated becomes the current active security policy, and the old security policy moves to the Inactive Security Policies list.
If you did not associate a virtual server with the security policy, the security policy is unusable because no traffic can go through it. As a result, it is meaningless to run the Policy Builder on this type of security policy. You will need to manually associate it with a virtual server (in which case, the system automatically creates a default local traffic policy) in order for the security policy to handle traffic. You can also manually associate a custom local traffic policy with a security policy.

Deleting security policies

If you no longer want to use a security policy, you can delete it. Before you can delete a security policy, you must first deactivate it.
  1. On the Main tab, click Security > Application Security > Security Policies > Inactive Policies. The Inactive Policies screen opens.
  2. Select the security policy you want to delete.
  3. Click Delete, and then click OK when prompted to confirm your action. The system permanently removes the security policy from the system.