Manual Chapter: Managing Security Policies in BIG-IQ Web Application

Applies To:

BIG-IQ Security

  • 4.5.0

About security policies in BIG-IQ Web Application Security

BIG-IQ Web Application Security imports ASM security policies from discovered BIG-IP devices and lists them in the Policies panel. Each security policy is assigned a unique identifier that it carries across the enterprise. This ensures that each policy is shown only once in the Policies panel, no matter how many devices it is attached to.

In the BIG-IQ Web Application Security repository, policies are in XML format.

Displaying and modifying security policy properties

Security policies are often created on BIG-IP devices and come into the BIG-IQ Web Application Security configuration when you discover the devices. You can view and modify the properties of individual security policies.
  1. In Web Application Security > Overview, navigate to the Policies panel.
  2. Hover over the name of a policy you want to edit, and click the gear icon. You enter the Policy Editor interface, with the selected policy loaded into the editor.
  3. Edit the properties of each policy object as needed. Click the object to edit in the Policy objects list, and click the Edit button on the right side of the panel. For the Signatures List object only, click the Signatures List object, then click the signature name to edit in the Name column and click Edit.

    Each of these policy objects can be edited individually:

    • Properties
    • Response Page
    • Data Guard
    • IP Address
    • File Types
    • Parameters
    • Character Sets
    • Attack Signatures
    • Signatures List
  4. Click Save to save the modifications to each object.
The policy object is now edited in the working-config of the BIG-IQ system. Assuming the policy is assigned to a virtual server, the next deploy task sends the new configuration to one or more BIG-IP devices.

Adding security policies

You can use BIG-IQ Web Application Security to add new security policies for possible later deployment.
  1. Hover over the Policies panel until the (+) icon appears, and click it. The Policy Editor opens, showing required fields outlined in red.
  2. Specify the following information about the new Web Application Security policy:
    Option       Description
    Name         Any descriptive name for the new policy.
    Partition    An administrative partition for storing this policy on the BIG-IP device. In most cases, the default (Common) is the best choice.
    Description  Any description you choose for the policy.

    Specify any remaining fields as needed on the Properties screen. Other options are not accessible until you save these initial properties.
  3. Click Save when you are finished editing the properties. This makes the other policy objects available for editing.
  4. In the Policy objects list on the left, click the object to edit, and then click the Edit button. For the Signatures List object only, click the Signatures List object, then in the Name column, click the signature name you want to edit, then click Edit.

    The policy objects that can be edited include the following:

    • Properties
    • Response Page
    • Data Guard
    • IP Address
    • File Types
    • Parameters
    • Character Sets
    • Attack Signatures
    • Signatures List
  5. Click Save to save the modifications to each policy object before moving to another one.
The new policy object now exists in the working configuration of the BIG-IQ system. Now you can add it to any virtual server object in Web Application Security.

Importing security policies

You can use BIG-IQ Web Application Security to import security policies.
  1. Navigate to the Policies panel.
  2. Hover over the Policies header and when the import icon appears, click it.
  3. In the Import Policy File dialog box, select the security policy file by clicking Choose File and navigating to the file location, or you can drag-and-drop a file to the Drag and Drop File Here list. You can drag-and-drop a policy file onto the Source File area to view the content of the XML file.
  4. Click upload.
After import, the policy is listed in the Policies panel. The uploaded policy will have the same name as the XML file.
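
A pre-import check for policy XML files, as an added example (not F5 code and not part of the original manual): it refuses files that are not well-formed or that carry a DOCTYPE, derives the name each file would receive on import, and holds back any file whose name is already taken so an operator can decide before uploading. The function names, the sample files and their element names are constructed for illustration, and treating the policy name as the file name without its .xml extension is an assumption.

```python
import hashlib
from pathlib import PurePath
from xml.parsers import expat


class PolicyFileError(ValueError):
    """The file should not be uploaded as a policy."""


def inspect_policy_xml(filename, data):
    """Return (policy_name, sha256_hex) for one policy file, or raise PolicyFileError."""
    def on_doctype(name, sysid, pubid, has_internal_subset):
        # A DTD can declare entities; refuse it before anything is expanded.
        raise PolicyFileError(f"{filename}: DOCTYPE declaration not allowed")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise PolicyFileError(f"{filename}: not well-formed XML ({exc})") from exc
    # The imported policy takes the XML file's name. Assumption: that is the
    # base name without the .xml extension.
    return PurePath(filename).stem, hashlib.sha256(data).hexdigest()


def plan_import(files, existing_names):
    """files maps filename -> bytes. Returns (accepted, held) dictionaries."""
    accepted, held, seen = {}, {}, set(existing_names)
    for filename, data in sorted(files.items()):
        try:
            name, digest = inspect_policy_xml(filename, data)
        except PolicyFileError as exc:
            held[filename] = str(exc)
            continue
        if name in seen:
            held[filename] = f"{filename}: name '{name}' is already in use"
            continue
        seen.add(name)
        accepted[name] = digest  # record the digest with the change ticket
    return accepted, held


# Constructed sample files; the element names are stand-ins, not the ASM schema.
SAMPLES = {
    "web_portal.xml": b'<?xml version="1.0"?><policy><name>web_portal</name></policy>',
    "truncated.xml": b'<?xml version="1.0"?><policy><name>',
    "with_dtd.xml": b'<!DOCTYPE policy [<!ENTITY e "x">]><policy>&e;</policy>',
    "existing_policy.xml": b"<policy/>",
}

if __name__ == "__main__":
    print(plan_import(SAMPLES, existing_names={"existing_policy"}))
```

Comparing the recorded SHA-256 with the digest of a later export shows whether the policy file changed between review and upload.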

Exporting security policies

You can use BIG-IQ Web Application Security to export security policies (download the policy XML file) from the module.
  1. Navigate to the Policies panel.
  2. Hover over the name of the security policy you want to export, and hover over the gear icon to display the screen containing properties and actions.
  3. Click Export Policy on the screen.

Displaying items related to security policies

You can use BIG-IQ Web Application Security to display items related to a security policy.
  1. Navigate to the Policies panel.
  2. Hover over the name of the security policy and when the gear icon appears, hover over the gear and select Show Related Items from the menu.

Removing security policies

BIG-IQ Web Application Security provides a way to remove ASM security policies from the BIG-IQ database.
  1. Navigate to the Policies panel.
  2. Hover over the name of the policy you want to remove, and when the gear icon displays, hover over it and click Delete Policy.
  3. Click Remove in the Remove Policy dialog box.
The security policy is removed from the BIG-IQ system, and can be managed locally.