Manual Chapter: Configuring General System Options
The Application Security Manager includes general system options that apply to the overall application security configuration. You can use these options to perform the following tasks:
1. In the Application Security navigation pane, point to Options and then click GUI Preferences.
   The GUI Preferences screen opens.
2. From the Start Screen list, select the default opening screen you want to display when starting Application Security Manager. By default, the Welcome screen is the default opening screen.
3. For Records Per Screen, type the number of entries you want displayed by default (1-100). The default value is 20.
4. For Records Per Requests Screen, type the number of requests to display by default (1-1000). The default value is 500.
5. For Titles Tooltip Settings, select one of the options for how to display tooltips:
   Show tooltip icons: Display an icon if a tooltip is available for a setting, and show the tooltip when you move the cursor over the icon. This is the default setting.
   Show tooltips on title mouseover: Display a tooltip when you move the cursor over a setting on the screen.
   Do not show tooltips: Never display tooltips or icons.
6. For Advanced by Default, select whether to display all possible settings (Advanced) or the Basic settings on screens with that option.
7. If the BIG-IP system is in a redundant configuration, for Recommend Sync When Policy Not Applied, select whether to display a message telling you to synchronize the two systems when a security policy was updated but not applied.
8. Click Save to keep your changes.
The Application Security Manager provides a user role specifically designed for security policy management. You can assign the Application Security Policy Editor user role to those personnel who can edit the security policies, but cannot change any of the local traffic, network, or system settings. For additional information on user roles and user management, refer to the TMOS® Management Guide for BIG-IP® Systems, which is available in the Ask F5℠ Knowledge Base at https://support.f5.com.
1. In the navigation pane, expand System, and then click Users.
   The User List screen opens.
2. Click the Create button.
   The New User screen opens.
3. For the User Name setting, type the user's name.
4. For the Password setting, type and confirm the user's password.
5. For the Role setting, select Application Security Policy Editor from the list.
7. Click Finished.
   The User List screen opens and includes the new user account in the list.
Logging profiles specify how and where the system stores request data for web applications. When you configure a web application, you select the logging profile for that web application. You can use one of the system-supplied logging profiles, or you can create a custom logging profile. Additionally, you can choose to log the request data locally, or on a remote storage system. Note that the system-supplied logging profiles log data locally. For more information on selecting the logging profile for a web application, refer to Configuring the logging profile for a web application.
A logging profile has two parts: the storage configuration and the storage filter. The storage configuration specifies where the logs are stored, either locally or remotely. The storage filter determines what information gets stored.
You can configure a logging profile to store request data on the local BIG-IP system. When you store the request data locally, the logging utility may compete for system resources. You can use the Guarantee Logging setting to ensure that the system logs the requests in this situation.
Important: Enabling the Guarantee Logging setting may cause a performance reduction if you have a high traffic-volume application.
1. In the Application Security navigation pane, point to Options, and then click Logging Profiles.
   The Logging Profiles screen opens.
2. Above the Logging Profiles area, click the Create button.
   The Create New Logging Profile screen opens.
3. For Configuration, select Advanced.
4. In the Configuration area, for the Profile Name setting, type a unique name for the logging profile.
5. Optionally, for the Profile Description setting, type any additional information about the profile.
6. For the Storage Type setting, select Local.
7. To ensure that the system logs requests for the web application, even when the logging utility is competing for system resources, check the Guarantee Logging box.
   Note: Enabling this setting may slow access to the associated web application.
9. Click the Create button.
   The screen refreshes, and displays the new logging profile on the Logging Profiles screen.
You can create a logging profile to store request data remotely on syslog servers. When you configure a logging profile for remote storage, the system stores the request data for the associated web application on a separate remote management system, where you can view the files.
Important: The logging profile for remote storage relies on external systems to perform the actual logging. The configuration and maintenance of the external logging servers is not the responsibility of F5 Networks.
1. In the Application Security navigation pane, point to Options, and then click Logging Profiles.
   The Logging Profiles screen opens.
2. Above the Logging Profiles area, click the Create button.
   The Create New Logging Profile screen opens.
3. For Configuration, select Advanced.
4. For the Profile Name setting, type a unique name for the logging profile.
5. Optionally, for the Profile Description setting, type any additional information about the profile.
6. For the Storage Type setting, select Remote.
   The screen refreshes, and displays additional settings.
7. For the Protocol setting, select the protocol that the remote storage server uses.
8. For the Server IP setting, type the IP address of the remote storage server.
9. For the Server Port setting, type a port number or use the default value, 514.
10. For the Facility setting, select the syslog facility filter that you want to associate with this request data.
    Tip: If you have more than one web application, and you configure remote logging for both applications, you can use the facility filter to sort the data for each.
11. For the Storage Format setting, from the Available Items list, select one or more data items that you want the log to contain. Use the Move button (<<) to add the data items to the Selected Items list. Optionally, specify the log format for the data items, by selecting one of the following options:
    Predefined: If you select this option, specify the delimiter to separate the data in the log, and also select the data items that you want to store remotely.
    User-defined: If you select this option, in the Selected Items box, type the data items that you want the system to store, with surrounding percent (%) characters (for example, %request%). You may also select data items from the Available Items list, and move them to the Selected Items list.
13. If you want the system to log when a brute force attack, DoS attack, IP enforcer attack, or web scraping attack starts and ends, check the Report Detected Anomalies box.
15. Click the Create button.
    The screen refreshes, and displays the new logging profile on the Logging Profiles screen.
Important: This logging profile relies on external systems to perform the actual logging. The configuration and maintenance of the external logging servers is not the responsibility of F5 Networks.
1. In the Application Security navigation pane, in the Application Security section, point to Options, and then click Logging Profiles.
   The Logging Profiles screen opens.
2. Above the Logging Profiles area, click the Create button.
   The Create New Logging Profile screen opens.
3. For Configuration, select Advanced.
   The screen refreshes to display additional settings.
4. For the Profile Name setting, type a unique name for the logging profile.
5. Optionally, for the Profile Description setting, type any additional information about the profile.
6. For the Storage Type setting, select Reporting Server.
   The screen refreshes, and displays additional settings.
7. For the Server IP setting, type the IP address for the remote storage server.
8. For the Server Port setting, type a port number or use the default value, 514.
10. If you want the system to log the start and end time of a brute force attack, DoS attack, IP enforcer attack, or web scraping attack, check the Report Detected Anomalies box.
11. For Storage Filter, select Advanced.
    The screen refreshes to display additional settings.
13. Click the Create button.
    The screen refreshes, and displays the new logging profile on the Logging Profiles screen.
If your network uses ArcSight logs, you can configure a logging profile that formats the log information for that system. Application Security Manager stores all logs on a remote logging server using the predefined ArcSight settings for the logs.
CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|Extension
Important: This logging profile relies on external systems to perform the actual logging. The configuration and maintenance of the external logging servers is not the responsibility of F5 Networks.
1. In the Application Security navigation pane, in the Application Security section, point to Options, and then click Logging Profiles.
   The Logging Profiles screen opens.
2. Above the Logging Profiles area, click the Create button.
   The Create New Logging Profile screen opens.
3. For Configuration, select Advanced.
   The screen refreshes to display additional settings.
4. For the Profile Name setting, type a unique name for the logging profile.
5. Optionally, for the Profile Description setting, type any additional information about the profile.
6. For the Storage Type setting, select ArcSight.
   The screen refreshes, and displays additional settings.
7. For the Protocol setting, select TCP (the default setting), UDP, or TCP-RFC3195.
8. For the Server IP setting, type the IP address of the remote storage server.
9. For the Server Port setting, type a port number or use the default value, 514.
11. If you want the system to log the start and end time of a brute force attack, DoS attack, IP enforcer attack, or web scraping attack, check the Report Detected Anomalies box.
12. For Storage Filter, select Advanced.
    The screen refreshes to display additional settings.
14. Click the Create button.
    The screen refreshes, and displays the new logging profile.
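Added example (not from the F5 manual): a Python parser for the CEF layout shown above, as it might run on the receiving side of an ArcSight logging profile. It honors escaped pipes and equals signs so that request text, which the client controls, cannot shift header fields or forge extension keys in the log store. The sample record and all of its values are constructed, and the escaping rules follow the general CEF convention, which this page does not spell out.

```python
import re

# Header field names follow the CEF layout printed above.
HEADER = ("version", "device_vendor", "device_product", "device_version",
          "device_event_class_id", "name", "severity")
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # key= at start or after whitespace

def split_header(body):
    """Split on the first 7 unescaped '|'; return (fields, extension text)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])      # \| and \\ are literals, not separators
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < len(HEADER):
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def parse_extension(ext):
    """key=value pairs; a value runs to the next ' key=' and may contain spaces."""
    keys = list(KEY_RE.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)  # undo \= and \\
    return out

def parse_cef(line):
    start = line.find("CEF:")            # skip any syslog header in front
    if start < 0:
        raise ValueError("not a CEF record")
    fields, ext = split_header(line.rstrip("\r\n")[start + 4:])
    event = dict(zip(HEADER, fields))
    event["extension"] = parse_extension(ext)
    return event

# Constructed sample record (not real ASM output): the Name field holds an
# escaped pipe and the request value holds escaped '=' characters and spaces.
SAMPLE = (r"CEF:0|F5|ASM|0.0.0|Illegal file type|Illegal file type \| blocked|5|"
          r"src=192.0.2.10 spt=4431 request=GET /a.php?x\=1 y\=2 HTTP/1.1 cs1=policy one")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A plain `SAMPLE.split("|")` yields nine pieces instead of eight for this record, which is the field shift the escape handling prevents.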
The storage filter determines what request information the logging profile stores. The storage filter stores the same information for all logging profiles. You can either modify the storage filter for an existing logging profile, or you can create a new logging profile. To create a new logging profile, see Configuring a logging profile for local storage, Configuring a logging profile for remote storage, Configuring a logging profile for a reporting server, or Configuring a logging profile if using ArcSight logs.
1. In the Application Security navigation pane, in the Application Security section, point to Options, and then click Logging Profiles.
   The Logging Profiles screen opens.
2. In the Logging Profiles area, click the name of an existing logging profile.
   The Edit Logging Profile screen opens.
3. For Storage Filter, select Advanced.
   The screen refreshes to display additional settings.
4. For the Logic Operation setting, select the manner in which the system associates the criteria you specify. The criteria are the remaining settings in the storage filter.
   OR: Select this operator if you want the system to log the data that meets one or more of the criteria.
   AND: Select this operator if you want the system to log the data that meets all of the criteria.
5. For the Request Type setting, select the requests that you want the system to store in the log.
6. For the Protocols setting, select whether logging occurs for HTTP and HTTPS protocols or a specific protocol.
7. For the Response Status Codes setting, select whether logging occurs for all response status codes or specific ones.
8. For the HTTP Methods setting, select whether logging occurs for all methods or specific methods.
9. For the Request Containing String setting, select whether the request logging is dependent on a specific string.
10. Click the Update button.
    The screen refreshes, and displays the new logging profile on the Logging Profiles screen.
You can customize the severity levels of security policy violations for application security events that are logged by the syslog utility. The event severity levels are Informational, Notice, Warning, Error, Critical, Alert, and Emergency. They range from least severe (Informational) to most severe (Emergency). You can export violations and severity levels to a syslog server.
For more information on how BIG-IP systems use the syslog utility, refer to the Logging BIG-IP System Events chapter in the TMOS® Management Guide for BIG-IP® Systems.
Important: Changes to the event severity level for security policy violations are applied globally to all web applications in the Application Security Manager.
1. In the Application Security navigation pane, point to Options, and then click Severities.
   The Severities screen opens.
3. Click the Save button to retain any changes.
Tip: If you modify the event severity levels for any of the security policy violations, and later decide you want to use the system-supplied default values instead, click the Restore Defaults button.
Locally stored system logs for the Application Security Manager are accessible from the Configuration utility for the BIG-IP system. Note that these are the logs for general system events and user activity. Security violation events are displayed in the Configuration utility for the Application Security Manager. For more information on logging in general, refer to the TMOS® Management Guide for BIG-IP® Systems, which is available in the Ask F5℠ Knowledge Base, https://support.f5.com.
Tip: If you prefer to review the log data from the command line, you can find the application security log data in the /var/log/asm directory.
1. In the navigation pane of the BIG-IP system, expand System, and then click Logs.
   The System Logs list screen opens.
2. On the menu bar, click Application Security.
   The Application Security log list screen opens, where you can review the logged entries.
The RegExp Validator is a system tool designed to help you verify your regular expression syntax. You can type your regular expression in the RegExp Validator, and provide a test string pattern, and the tool analyzes the data.
1. In the Application Security navigation pane, point to Options, Tools, and then click RegExp Validator.
   The RegExp Validator screen opens.
2. In the RegExp box, type the regular expression you want to validate, or the regular expression you want to use to verify a test string.
3. In the Test String box, type a string to verify using a regular expression.
4. Click the Validate button.
   The screen refreshes and shows the results of the validation.
Note: For the SMTP mailer to work, you need to make sure the SMTP server is on the DNS lookup server list (System>>Configuration>>Device>>DNS).
1. In the Application Security navigation pane, point to Options, and then click SMTP Configuration.
   The SMTP Configuration screen opens.
2. Check the Enable SMTP mailer box.
3. For SMTP Server Host Name, type the fully qualified host name of an SMTP server (for example, smtp.example.com).
4. For SMTP Server Port Number, type the SMTP port number (25 is the default for no encryption; 465 is the default if SSL or TLS encryption is the encryption setting).
5. For Local Host Name, type the fully qualified host name of the BIG-IP system.
6. For From Address, type the mail address to use as the reply-to address of the email.
7. For Encrypted Connection, select whether the SMTP server requires an encrypted connection to send mail, or not. Select No encryption, SSL (Secure Sockets Layer), or TLS (Transport Layer Security).
8. If you want the SMTP server to validate users before sending email, check the Use Authentication box, then type the Username and Password that the SMTP server requires for validation.
9. Click Update to save the changes.