Applies To:

Show Versions Show Versions

Manual Chapter: Using Application-Ready Security Templates
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Overview: Using application-ready security templates

The Application Security Manager™ provides application-ready security policies, which are baseline templates, for the following enterprise applications:

  • Microsoft Outlook Web Access Exchange® 2003, 2007, 2010
  • Microsoft ActiveSync® 1.0, 2.0
  • Microsoft Outlook Web Access Exchange® with Microsoft ActiveSync® 2003, 2007, 2010
  • Microsoft Sharepoint® 2003, 2007, 2010
  • Oracle® Applications 11i
  • Oracle® Portal 10g
  • Lotus Domino® 6.5
  • SAP NetWeaver® 7
  • PeopleSoft® Portal Solutions 9

By using an application-ready template, your organization can quickly create a security policy designed to secure that specific web application. It is a fixed policy that only changes if you decide to adjust it manually or configure additional security features.

Creating a security policy from an application template

You can create a security policy only if you have performed the basic system configuration tasks including defining a VLAN, a self IP address, a local traffic pool, an application security class, and a virtual server, according to the needs of your networking environment.
You can use application-ready templates to create a security policy quickly. The Deployment wizard takes you through the steps required.
  1. On the Main tab, click Application Security > Web Applications.
  2. Locate the web application you want to protect, and click the Configure Security Policy link next to it.
    Tip: If you do not see the web application, first create an application security class.
    The Deployment wizard opens the Select Deployment Scenario screen.
  3. Select Create a policy manually or use templates and click Next. The Deployment Wizard: Configure Security Policy Properties screen opens.
  4. From the Application Language list, select the language encoding of the application.
    Important: You cannot change this setting after you have created the security policy.
  5. From the Application-Ready Security Policy list, select the security policy template to use for your enterprise application and click Next. The Deployment Wizard: Configure Security Policy Properties screen opens.
  6. Review the settings for the security policy. When you are satisfied with the security policy configuration, click Finish. The system creates the security policy.
When you first create the security policy, it operates in transparent mode (meaning that it does not block traffic). When the system receives a request that violates the security policy, the system logs the violation event, but does not block the request.

Fine-tuning a security policy

After you create a security policy, the system provides learning suggestions concerning additions to the security policy based on the traffic that is accessing the application. For example, you can have users or testers browse the web application. When analyzing the traffic to and from the application, the Application Security Manager™ generates learning suggestions or ways to fine-tune the security policy to better suit the traffic and secure the application.

  1. On the Main tab, click Application Security > Policy Building > Manual. The Traffic Learning screen opens, and lists violations that the system has found based on real traffic.
  2. In the Traffic Learning area, click each violation hyperlink, then review and handle learning suggestions:
    Option Description
    Accept Select a learning suggestion, click Accept, and then click Apply Policy. The system updates the security policy to allow the file type, URL, parameter, or other element.
    Clear Select a learning suggestion, and click Clear. The system removes the learning suggestion and continues to generate suggestions for that violation.
    Cancel Click Cancel to return to the Traffic Learning screen.
    Note: Learning suggestions are not available for every violation.
  3. On the Traffic Learning screen, review the violations and consider whether you want to permit any of them (for example, if a violation is causing false positives). Select any violations you do not want the system to trigger, and click Disable Violation. A popup screen opens, and you can verify that you want to disable the violations or cancel the operation.
  4. To activate the updated security policy, in the editing content area, click Apply Policy, then click OK to confirm.
The security policy now includes elements unique to your web application.

Enforcing a security policy

To enforce a security policy, you change the enforcement mode from transparent to blocking.
  1. On the Main tab, expand Application Security and click Policy.
  2. In the editing context area near the top of the screen, verify that the edited security policy is the one you want to work on.
  3. From the Blocking menu, choose Settings.
  4. For the Enforcement Mode setting, select Blocking.
  5. Select or clear the Block check boxes for the violations, as required (or use the default settings).
  6. Click Save.
  7. In the editing context area, click Apply Policy to immediately put the changes into effect.
When the enforcement mode is set to blocking and the violations you want to enforce are set to block, the security policy no longer allows requests that cause these violations to reach the back-end resources. Instead, the security policy blocks the request, and sends the blocking response page to the client.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)