Applies To:

Show Versions Show Versions

Manual Chapter: Getting Started with BIG-IP Application Security Manager
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

The Application Security Manager provides a Deployment Wizard to help you quickly set up a security policy to protect your application. This guide describes all the setup tasks, as well as how to configure a security policy with each of the available deployment options, or scenarios, of the Deployment Wizard.
Before you start using the Deployment Wizard, we recommend that you review the following descriptions of each deployment scenario, to help you decide which one is most appropriate for your situation.
The traffic that the Policy Builder will use to develop the security policy comes from untrusted clients, that is, actual traffic through the application.
The traffic that the Policy Builder will use to develop the security policy comes from trusted clients; in other words, it is considered to be safe traffic. Trusted clients are those who are known good clients; that is, those whose traffic is not detrmimental or malicious. An example of trusted traffic is that generated by the QA lab employees in your company.
You want to use a pre-configured security policy for one of the following enterprise applications: Lotus® Domino® 6.5, Microsoft® Outlook Web Access® Exchange (2003 and 2007), Microsoft SharePoint (2003 and 2007), SAP® NetWeaver® 7, Oracle 10g, Oracle® Applications 11i, PeopleSoft® Portal 9. Refer to Chapter 6, Deploying an Application-Ready Security Policy, for more information.
You want to deploy a pre-configured security policy that is designed to quickly provide application security for known vulnerabilities. Refer to Chapter 7, Implementing Application Security Using the Rapid Deployment Template, for more information.
This guide is intended to help first-time users get their Application Security Manager up and running, to protect their applications against known and unknown application security vulnerabilities. The chapters in this guide provide step-by-step procedures for creating and deploying several types of security policies for web applications and web services. For example, Chapter 5, Creating a Security Policy Based on XML Transactions, describes how to configure and deploy a security policy for an XML-based web services application. Before you start configuring a security policy for your application, we recommend that you review the available documentation for the Application Security Manager.
Important: The deployment scenarios described in this guide assume that you have installed and licensed the BIG-IP® Application Security Manager. Refer to the product documentation, which is described in the following section, for more information on these tasks.
In addition to this guide, there are several other documentation resources for the BIG-IP system and Application Security Manager. The entire documentation set for current (and past) releases is available on the F5 Technical Support web site, in the AskF5SM Knowledge Base. You can access the technical support web site either from the Welcome screen in the Configuration utility, or from the web address, The documentation set is organized into the following documents and guides.
Configuration Worksheet
This worksheet provides you with a place to plan the basic configuration for the BIG-IP system.
Quick Start Instructions
This pamphlet provides you with the basic configuration steps required to get the BIG-IP system up and running in the network.
Platform Guides
The platform guides include information about the physical BIG-IP system. They also contain important environmental warnings and hazardous substance reports.
BIG-IP® Systems: Getting Started Guide
This guide provides detailed information about installing upgrades to the BIG-IP system. It also provides information about licensing the BIG-IP system software and connecting the system to a management workstation or network.
TMOS Management Guide for BIG-IP® Systems
This guide contains any information you need to configure and maintain the network and system-related components of the BIG-IP system. With this guide, you can perform tasks such as configuring VLANs, assigning self IP addresses, creating administrative user accounts, and managing a redundant system.
Configuration Guide for BIG-IP® Local Traffic Management
This guide contains any information you need for configuring the BIG-IP system to manage local network traffic. With this guide, you can perform tasks such as creating virtual servers and load balancing pools, configuring application and protocol profiles, implementing health monitors, and setting up remote authentication.
Configuration Guide for BIG-IP® Application Security Management
This guide contains detailed configuration information for the application security components of the BIG-IP system. With this guide, you can perform tasks such as creating application security classes, configuring security policies web applications and web services, and monitoring application security events.
To help you easily identify and understand certain types of information, this documentation uses the following stylistic conventions.
All examples in this documentation use only private IP addresses. When you set up the configurations we describe, you must use IP addresses suitable to your own network in place of our sample IP addresses.
When we first define a new term, the term is shown in bold italic text. For example, a referrer is a web page that references other web application entities, such as image files.
We refer to all products in the BIG-IP product family as BIG-IP systems. We refer to the software modules by their name, for example, we refer to the Local Traffic Manager module as simply the Local Traffic Manager. If configuration information relates to a specific hardware platform, we note the platform.
We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, most controls in the Configuration utility, and portions of commands, such as variables and keywords. For example, you click the Apply Policy button to make the security policy active.
We use italic text to denote a reference to another document or section of a document. We use bold, italic text to denote a reference to a book title. For example, you can find information about local traffic virtual servers in the Configuring Virtual Servers chapter of the Configuration Guide for BIG-IP® Local Traffic Management.
We show actual, complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. Table 1.1 explains additional special conventions used in command line syntax.
The Configuration utility is the browser-based graphical user interface for the BIG-IP system. In the Configuration utility, the Main tab provides access to the application security configuration objects, as well as the network, system, and local traffic configuration objects. The Help tab contains context-sensitive online help for each screen.
Figure 1.1 shows the Welcome screen of the Configuration utility.
The identification and messages area
The identification and messages area of the Configuration utility is the screen region that is above the navigation pane, the menu bar, and the body. In this area, you find the system identification, including the host name, and management IP address. This area is also where certain system messages display, for example Activation Successful, which appears after a successful licensing process.
The navigation pane
The navigation pane, on the left side of the screen, contains the Main tab, the Help tab, and the Search tab. The Main tab provides links to the major configuration objects. The Help tab provides context-sensitive help for each screen in the Configuration utility. The Search tab provides a quick way to locate local traffic objects.
The menu bar
The menu bar, which is below the identification and messages area, and above the body, provides links to the additional configuration objects within each major object.
The body
The body is the screen area where the configuration settings display.
In the Application Security section of the navigation pane, the first time you click an object with the link icon (), the Configuration utility opens a second screen that contains only application security configuration objects. To differentiate between the two instances, next to the F5 logo in the identification and messages area, the screen shows BIG-IP® -ASM on the screen for Application Security Manager. In this document, we refer to the navigation pane of the BIG-IP Configuration utility as simply the navigation pane. We refer to the navigation pane for the application security Configuration utility as the Application Security navigation pane.
The BIG-IP Configuration utility works with a majority of the commonly-available web browsers, for example, Microsoft® Internet Explorer® and Mozilla® Firefox®. For the most current list of the supported browsers for the Configuration utility, refer to the current release note on the AskF5SM Knowledge Base web site,
Online help
The Configuration utility has online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the navigation pane to view the online help for a screen.
Welcome screen in the Configuration utility
The Welcome screen in the Configuration utility contains links to many useful web sites and resources, including the AskF5SM Knowledge Base, the F5 Solution Center, the F5 DevCentral web site, plug-ins, SNMP MIBs, and SSH clients.
F5 Technical Support web site
The F5 Technical Support web site,, provides the latest documentation for the product, including:
Configuration Guide for BIG-IP® Local Traffic Management
BIG-IP® Systems: Getting Started Guide
Configuration Guide for BIG-IP® Application Security Management
The AskF5SM Knowledge Base
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)