Applies To:

Show Versions Show Versions

Manual Chapter: Working with Application Security Manager
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Enterprise Manager simplifies security policy management by providing security policy synchronization among multiple BIG-IP® Application Security Manager devices. You stage and deploy security policies as changesets by creating a security policy changeset deployment task.
Enterprise Manager uses changesets to alter the configuration data that composes a Application Security Manager security policy. You can also configure staged changesets to deploy at another time.
To select policies from a source security device and create staged changesets to deploy to target security devices, you use the Stage a Security Policy Changeset wizard. You can also use the Stage a Security Policy Changeset wizard to set device-specific security policy settings, such as associated web applications.
For more information about Application Security Manager security policies, refer to the Configuration Guide for BIG-IP® Application Security Manager.
Note: When staging and deploying changesets, Enterprise Manager interprets the instance data based on metadata embedded in the configuration. Therefore, important binary configuration information is hidden because it cannot be edited.
Staging and deploying security policies to your Application Security Policy devices using the Stage Security Policy Changeset wizard involves three main procedures.
1.
On the Main tab, expand Enterprise Management, and click Tasks.
The Task list screen opens.
2.
In the Application Security section, click Stage a Security Policy Changeset.
3.
Click Next to start the Stage Security Policy Changeset wizard.
On the Step 1 screen of the Stage Security Policy Changeset wizard, you select a security policy and the devices on which to deploy the security policy.
1.
From the Source Device Group list, select the device group you want to display in the Source Device box, to which you want to deploy the security policy.
The Source Device box changes to show only the devices in the device group you selected.
2.
From the Source Device list, select the source device that contains the security policy you want to deploy.
The Security Policy box changes to show only the policies available on the source device you selected.
3.
From the Security Policy list, select the security policy that you want to deploy.
The security policy names correspond to the security policy names on the Application Security Manager system you selected.
4.
From the Target Device Group list, select an option.
The Compatible Devices table changes to display the devices in accordance with the option you selected.
5.
From the Target Device Filter list, select an option on which to filter and display the compatible devices based on the following criteria:
Compatible Devices in Standby Mode displays only compatible devices currently in Standby mode.
Compatible with Security Policy displays all devices compatible with the image that you selected in the Security Policy box.
Incompatible with Security Policy displays only devices that are not compatible with the selected security policy.
6.
In the Compatible Devices table, check the Select box next to the device that you want to update with the security policy you selected in the Security Policy box.
7.
Click Next to move to the screen where you select security policy changesets and verify security policy settings, Step 2 of 2.
On the Step 2 screen of the Stage Security Policy Changeset wizard, you can create a staged changeset and confirm security policy settings.
2.
From the Create Archive(s) box, select one of the following options for archiving information on the device:
Create archive for each device before deploying prompts the system to create a configuration archive of the target device before deployment.
Do not create archive prompts the system not to create a configuration archive of the target device before deployment.
3.
From the Archive Options box, specify whether to include private keys in the archive, if applicable.
4.
In the Policy Settings table, for Policy Name, type a name for the security policy on the target system.
5.
For Policy Description, type a description for the security policy on the target system.
6.
For Is policy active?, indicate whether you want to activate the security policy on the target system upon deployment.
7.
For Webapp name, select an web application from the list to associate with the deployed security policy on the target device.
8.
To use the settings you specified for steps 4 through 7, click the Copy to All button to copy the settings to all other target devices, where possible.
9.
Click Deploy Staged Changeset Now to deploy the staged changeset you configured or click Save Staged Changes to save the staged changeset to deploy at a later time.
The Staged Changesets table opens. When you deploy the security policy, the system stores it in the Common partition of the target device.
Note: When you upgrade an Application Security Manager device, the device detects an invalid signature file. The Enterprise Manager system then displays a message indicating that the signature file is out of date. To clear this message and finalize the upgrade, you can update the attack signature file. For information about how to update attack signatures, see Managing attack signatures for Application Security Manager.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)