Applies To:

Show Versions Show Versions

Manual Chapter: Maintaining an F5 Web Application Firewall in Azure
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

View violations and status messages from the WAF

You can view more detailed information about traffic being monitored by the WAF, and if necessary, block or unblock it.
  1. In the Azure portal, in the left pane, click Browse > Security Center .
  2. In the Detection area, click the Security alerts chart.
    The chart displays flagged traffic from all vendors.
  3. Filter the list by clicking the Filter icon at the top of the page.
  4. To see details, click the traffic you're interested in.
  5. On the blade that opens, click the row to show more details.
  6. On the blade that opens, copy the Remediation Steps- Extra Information text, for example:
  7. Click the Management URL link and log in with the username azureuser and the password you specified when you created the WAF.
  8. In the browser address bar, remove /xui from the address and paste the remediation steps information, for example:
    https://10.10.10.10:8443/dms/policy/win_open_proxy_request.php?id=&support_id=4854296639235424357
    The BIG-IP® Configuration utility displays the details of the message.
  9. To stop blocking the traffic that's displayed, in the Accept Status area, click the Accept this Request button.

Add an additional application behind the WAF

After you have created the WAF, you can secure more applications behind it.
Note: All applications behind the same WAF will have the same security blocking level, and must be of the same application type (IIS, Linux, etc.).
  1. In the Azure portal, in the left pane, click Browse > Security Center .
  2. In the Prevention area, click the Recommendations chart.
  3. From the list of recommendations, select Add a web application firewall.
  4. Select the web application you want to secure.
  5. Select an existing WAF.
  6. On the WAF Information blade, note the internal server IP address and click OK.
The application is now behind the WAF.

Unlink an application from the WAF

You can remove an application from the WAF if you no longer want to use the WAF to secure it.
Note: You must leave at least one application associated with the WAF.
  1. In the Azure portal, in the left pane, click Browse > Security Center .
  2. In the Prevention area, click the Partner solutions widget.
  3. On the Partner solutions blade, select the WAF.
  4. On the blade for your WAF, click the application you want to unlink.
  5. On the blade for your application, click Unlink app.
  6. On the confirmation message, click Yes.
    The application is removed from the WAF.

More granular control of WAF settings

The Application Security Manager™ (ASM) module on the F5 WAF has policy settings that determine how the WAF behaves.

Although these policy settings are automatically configured when you create the WAF, you can log in to BIG-IP® Configuration utility and change them. You should not change settings unless you are familiar with ASM™. For more information about ASM, see the Changing Security Policy Settings chapter in the BIG-IP Application Security Manager: Implementations guide on http://support.f5.com/kb/en-us.html.
Important: Wait approximately five minutes after the WAF is created before making changes to the associated ASM security policy.

Revert ASM security policies to the default

If you change the ASM™ policy settings and decide you want to revert to the original settings, you can.
Note: This task involves updating an iApp. Do not edit the iApp for any other reason.
  1. In the Azure portal, in the left pane, click Browse > Security Center .
  2. In the Prevention area, click the Partner solutions widget.
  3. Click the name of the WAF.
  4. Click the Solution console button.
    The BIG-IP Configuration utility opens in a new browser tab.
  5. Log in to the BIG-IP Configuration utility with the username azureuser and the password you specified when you created the WAF.
  6. On the Main tab, click iApps > Application Services .
  7. Click the application you want to revert.
    The name contains either the IP address or fully-qualified domain name for your application, for example: deployment_10.10.100.12.
  8. Click the Reconfigure tab.
  9. Click Finished.
BIG-IP® VE resets ASM security policy settings to the default.

Troubleshooting the F5 WAF

If you log in to the BIG-IP® Configuration utility, you might notice the following messages or warnings.

Warning: Source Template Has Changed
You can ignore this message. It might be displayed when you add an application to a WAF or reconfigure an application in Azure Security Center.
Changes Pending
You can ignore this message. If you made changes to ASM™ security policy, the changes are automatically synchronized to the WAF devices in your deployment through a device group called Sync. A separate device group called datasync-global-dg is synchronized manually and is the cause of the message.
Virtual servers may be in Unchecked status
You can ignore this message. Traffic will still be forwarded correctly through the virtual servers.

Find the BIG-IP VE registration key

If you need to call F5 Support, you will need the registration key associated with BIG-IP® VE.
  1. In the Azure portal, in the left pane, click Browse > Security Center .
  2. In the Prevention area, click the Partner solutions widget.
  3. Click the name of the WAF.
  4. Click the Solution console button.
    The BIG-IP Configuration utility opens in a new browser tab.
  5. Log in to the BIG-IP Configuration utility with the username azureuser and the password you specified when you created the WAF.
  6. On the Main tab, click System > License and click Re-activate.
The key is displayed in the Base Registration Key field.

Delete a WAF

If you no longer need a WAF, you can delete it. The associated resource group and all related objects remain, and should be manually deleted.
  1. In the Azure portal, in the left pane, click Browse > Security Center .
  2. In the Prevention area, click the Partner solutions widget.
  3. On the Partner solutions blade, select the WAF you want to delete.
  4. On the blade for your WAF, in the Associated resources section, ensure that only one application is linked to the WAF.
  5. Click Delete solution.
  6. On the confirmation message, click Yes.
This deletes the WAF. If you would like, you can now associate the application with another WAF.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)