Manual Chapter: Importing and Exporting Security Policies

Overview: Importing and exporting security policies

You can export or import security policies from one Application Security Manager™ (ASM) system to another.

You can export a security policy as a binary archive file or as a readable XML file. For example, you might want to export a security policy protecting one web application to use it as a baseline policy for another similar web application. You might want to export a security policy to archive it on a remote system before upgrading the system software, to create a backup copy, to replace an existing policy, or to merge with another security policy.

You can import a security policy that was previously exported from another ASM™ system. When you import a security policy, you can import it as an inactive security policy or so that it replaces an existing security policy. If you replace an existing policy, the replaced policy is automatically archived with the inactive security policies.

About security policy export formats

Application Security Manager™ can export security policies in binary or XML format. The XML or archive file includes the partition name, the name of the security policy, and the date and time it was exported. For example, a policy called finance in the Common partition is exported to a file called Common_finance_2013-04-28_12-10 with either a .plc (binary) or .xml extension.
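
The naming convention above makes it possible to inventory a directory of archived exports. The following is an added example, not part of the F5 manual: it parses export file names and selects the newest export per policy. It assumes partition names contain no underscore, and the sample listing is constructed.

```python
import re
from datetime import datetime

# Pattern from the chapter: <partition>_<policy>_<YYYY-MM-DD>_<HH-MM>.<plc|xml>
# Assumption: the partition name has no underscore, so the first "_" ends it.
EXPORT_RE = re.compile(
    r"^(?P<partition>[^_]+)_(?P<policy>.+)_"
    r"(?P<stamp>\d{4}-\d{2}-\d{2}_\d{2}-\d{2})\.(?P<ext>plc|xml)$"
)

def parse_export_name(filename):
    """Return partition, policy, export time and format, or None if invalid."""
    m = EXPORT_RE.match(filename)
    if not m:
        return None
    try:
        exported = datetime.strptime(m["stamp"], "%Y-%m-%d_%H-%M")
    except ValueError:  # digits matched but are not a real date/time
        return None
    return {"partition": m["partition"], "policy": m["policy"],
            "exported": exported, "filename": filename,
            "format": "binary" if m["ext"] == "plc" else "xml"}

def latest_exports(filenames):
    """Newest export per (partition, policy), plus names that did not parse."""
    latest, rejected = {}, []
    for name in filenames:
        info = parse_export_name(name)
        if info is None:
            rejected.append(name)
            continue
        key = (info["partition"], info["policy"])
        if key not in latest or info["exported"] > latest[key]["exported"]:
            latest[key] = info
    return latest, rejected

# Constructed sample directory listing (not real exports).
SAMPLE = [
    "Common_finance_2013-04-28_12-10.plc",
    "Common_finance_2013-03-01_09-30.xml",
    "Common_web_shop_2013-04-27_23-59.xml",  # policy name with an underscore
    "Common_finance_2013-13-01_00-00.plc",   # invalid month, rejected
    "notes.txt",
]

if __name__ == "__main__":
    latest, rejected = latest_exports(SAMPLE)
    for (partition, policy), info in sorted(latest.items()):
        print(partition, policy, info["exported"].isoformat(), info["format"])
    print("unrecognised:", rejected)
```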

An exported security policy includes any user-defined attack signature sets that are in use by the policy, but not the actual signatures. Therefore, it is a good idea to make sure that the attack signatures and user-defined signatures are the same on the two systems.

If you save the policy as an XML file, you can open it to view the configured settings of the security policy in a human-readable format.

In addition, when exporting to XML, you can save the security policy in a compact format, which results in a smaller XML file. The compact XML format does not include information about the staging state of attack signatures. Also, information about the following items is included only if it was changed from the default values:

  • Meta-character sets
  • Learn, Alarm, and Block settings for violations
  • Response pages
  • IP address intelligence Alarm and Block settings

Exporting security policies

You can export a security policy and save it in a file. The exported security policy can be used as backup, or you can import it onto another system.
  1. On the Main tab, click Security > Application Security > Security Policies. The Active Policies screen opens.
  2. In the Active Security Policies list, select the security policy that you want to export, then click Export.
    Note: You can also export security policies from the Inactive Policies list using the same method.
    The Select Export Method popup screen opens.
  3. Select an export method.
    • To save the security policy as an XML file, select Export security policy in XML format. To reduce the size of the XML file, select the Compact format check box.
    • To save the security policy as a policy archive file (.plc file), select Binary export of the security policy.
    • If the security policy integrates with a vulnerability assessment tool, select the Include Vulnerability Assessment configuration and data check box.
  4. Click Export. The system exports the security policy in the format you specified.
The exported security policy includes any user-defined signature sets that are in the policy, but not the user-defined signatures themselves. Optionally, you can export user-defined signatures from the Attack Signature List (to see the list, go to Security > Options > Application Security > Attack Signatures > Attack Signatures List).

Importing security policies

Before you import a security policy from another system, make sure that the attack signatures and user-defined signatures are the same on both systems. You also need access to the exported policy file.
You can import a security policy that was previously exported from another Application Security Manager™ system.
  1. On the Main tab, click Security > Application Security > Security Policies. The Active Policies screen opens.
  2. Click Import. The Import Security Policy screen opens.
  3. Use the Choose File setting to navigate to the previously exported security policy. The exported security policy can be in XML (regular or compact) or binary (.plc) format. The system shows the name of the policy you plan to import and the policy encoding.
  4. For the Import Target setting, select how to import the security policy.
    • To place the uploaded policy into the list of inactive policies for later use, select Inactive Security Policies List.
    • To replace the currently active policy with the security policy you are importing, select Replaced Policy.
  5. Click Import. The system imports the security policy and displays a success status message when the operation is complete.
If you replaced an existing policy, the imported security policy completely overwrites the existing security policy. Also, the imported policy is then associated with the virtual server and local traffic policy that were previously associated with the policy you replaced. The replaced policy is automatically archived with the inactive security policies.

If you imported a security policy to the list of inactive policies, it does not protect any application. You have to activate the inactive policy and associate it with a virtual server before it can protect an application.
