Manual Chapter : Managing Security Policies in BIG-IQ Web Application

Applies To:

Show Versions Show Versions

BIG-IQ Security

  • 4.4.0
Manual Chapter

About security policies in BIG-IQ Web Application Security

BIG-IQ Web Application Security imports ASM security policies from discovered BIG-IP devices and lists them in the Policies panel. Each security policy is assigned a unique identifier that it carries across the enterprise. This ensures that each policy is shown only once in the Policies panel, no matter how many devices it is attached to.

In the BIG-IQ Web Application Security repository, policies are in XML format.

Displaying security policy properties

With BIG-IQ Web Application Security, you can easily view the properties of individual security policies.
  1. In Web Application Security, navigate to the Policies panel.
  2. Hover over the name of the specific policy, and click the gear icon to display the expanded panel containing properties and actions.

Security policy properties

Security policy properties are read-only and displayed for informational purposes only.

Property Description
Name Name of the security policy.
Full Path Full path, including partition, to the security policy on the BIG-IP device.
Description Optional description for the security policy.
Last Updated At FQDN for the BIG-IP device where the security policy was last updated.
Last Updated Time Time the security policy was last updated in YYYY-MM-DDTHH:MM:SSZ format. Example: 2013-11-14T16:16:03Z.
Last Policy Name Security policy name, including partition.
Source Device FQDN and self IP address for the BIG-IP device where the security policy is located.

Exporting security policies

You can use BIG-IQ Web Application Security to export security policies (download the policy XML file) from the module to an application or to a user-designated location.
  1. Navigate to the Policies panel.
  2. Hover over the name of the security policy you want to export, and click the gear icon to display the screen containing properties and actions.
  3. Click the Export button at the top of the policy screen.
  4. In the dialog box, indicate how to process the policy by selecting either:
    • Open with and select an application from the menu.
    • Save File and provide a location.
  5. Click Save.

Reimporting security policies

If security policies fall out of sync between BIG-IQ Web Application Security and the policy sources on managed BIG-IP devices, you can reimport policies to bring them back into sync.
  1. Navigate to the Policies panel.
  2. Hover over the policy you want to reimport, and click the gear icon to display the expanded panel containing properties and actions.
  3. Click the Reimport from Device button to the right of the Source Device field.

    This action is not available if the policy source is a file. In such cases, click Change Source to change the Source Device field to list devices containing the specified policy.

Removing security policies

BIG-IQ Web Application Security provides a way to remove ASM security policies from the BIG-IQ database.
  1. Navigate to the Policies panel.
  2. Hover over the name of the policy you want to remove, and click the gear icon to display the screen containing properties and actions.
  3. Click the Remove button at the top of the expanded panel. You will not receive a confirmation dialog box.
Security policies are removed from the BIG-IQ system, and security policies can be managed locally.