Applies To:

Show Versions Show Versions

Manual Chapter: Maintaining an F5 Web Application Firewall in Azure
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

View violations and status messages from the WAF

You can view more detailed information about traffic being monitored by the WAF, and if necessary, block or unblock it.
Note: If you deployed the WAF from the Azure Marketplace, violations and status messages do not appear in Azure Security Center.
  1. In the Azure portal, in the left pane, click Browse > Security Center .
  2. In the Detection area, click the Security alerts chart.
    The chart displays flagged traffic from all vendors.
  3. Filter the list by clicking the Filter icon at the top of the page.
  4. To see details, click the traffic you're interested in.
  5. On the blade that opens, click the row to show more details.
  6. On the blade that opens, copy the Remediation Steps- Extra Information text, for example:
  7. Click the Management URL link and log in with the username azureuser and the password you specified when you created the WAF.
  8. In the browser address bar, remove /xui from the address and paste the remediation steps information, for example:
    https://10.10.10.10:8443/dms/policy/win_open_proxy_request.php?id=&support_id=4854296639235424357
    The BIG-IP® Configuration utility displays the details of the message.
  9. To stop blocking the traffic that's displayed, in the Accept Status area, click the Accept this Request button.

More granular control of WAF settings

The Application Security Manager™ (ASM) module on the F5 WAF has policy settings that determine how the WAF behaves.

Although these policy settings are automatically configured when you create the WAF, you can log in to BIG-IP® Configuration utility and change them. You should not change settings unless you are familiar with ASM™. For more information about ASM, see the Changing Security Policy Settings chapter in the BIG-IP Application Security Manager: Implementations guide on http://support.f5.com/kb/en-us.html.
Important: Wait approximately five minutes after the WAF is created before making changes to the associated ASM security policy.

Add an application behind the firewall

To add an application behind the firewall, use an F5 iApp. For details, see https://github.com/F5Networks/f5-azure-arm-templates/blob/master/experimental/reference/scripts/README.md.

Troubleshooting the F5 WAF

If you log in to the BIG-IP® Configuration utility, you might notice the following messages or warnings.

Warning: Source Template Has Changed
You can ignore this message. It might be displayed when you add an application to a WAF or reconfigure an application in Azure Security Center.
Changes Pending
You can ignore this message. If you made changes to ASM™ security policy, the changes are automatically synchronized to the WAF devices in your deployment through a device group called Sync. A separate device group called datasync-global-dg is synchronized manually and is the cause of the message.
Virtual servers may be in Unchecked status
You can ignore this message. Traffic will still be forwarded correctly through the virtual servers.
For HTTPS or SSL Offload, the WAF health status in Azure Security Center is Not Reported
To fix this issue, connect to the BIG-IP Configuration utility for one of the BIG-IP VEs. Click Local Traffic > Virtual Servers . Click the virtual server that ends in _redir_vs, click Resources, and from the Default Pool list, select the pool that was created with the deployment (the default is F5waf-880). Then click Update. Within a few minutes, the status in Azure Security Center changes to Healthy.

Find the BIG-IP VE registration key

If you are using a BYOL version of the F5 WAF, and you need to call F5 Support, you will need the registration key associated with BIG-IP® VE.
  1. In the Azure portal, in the left pane, click Browse > Resource groups .
  2. Click the name of your resource group and then in the SETTINGS area, click Deployments.
  3. Click the original deployment.
  4. In the Outputs section, copy the GUI-URL.
  5. Open a web browser window and paste the text.
    The BIG-IP Configuration utility opens.
  6. Log in to the BIG-IP Configuration utility with the username azureuser and the password you specified when you created the WAF.
  7. On the Main tab, click System > License and click Re-activate.
The key is displayed in the Base Registration Key field.

Delete a WAF

If you no longer need a WAF, you can delete it. The associated resource group and all related objects remain, and should be manually deleted.
  1. In the Azure portal, in the left pane, click Browse > Security Center .
  2. In the Prevention area, click the Partner solutions widget.
  3. On the Partner solutions blade, select the WAF you want to delete.
  4. On the blade for your WAF, in the Associated resources section, ensure that only one application is linked to the WAF.
  5. Click Delete solution.
  6. On the confirmation message, click Yes.
This deletes the WAF. If you would like, you can now associate the application with another WAF.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)