Manual Chapter : Predefined templates

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 16.0.0
Manual Chapter

Predefined templates

The security policy templates provide different security levels and consumes different levels of operational resources. The differences include blocking or transparent mode, manual or automatic learning of entities such as file types, URLs, parameters, cookies, and more, and violations.
The following are recommended predefined policy templates:
  • Rapid Deployment Policy (RDP)
    The Rapid Deployment Policy (RDP) policy template is recommended for beginners. It provides essential security with a low false-positive rate. This policy is transparent. It does not block or learn new entities, but only reports violations and learning suggestions to turn off signatures and features that create false-positives.
  • Fundamental
    The Fundamental policy template is recommended for intermediate users. It provides better security; actively blocks violations and automatically learns from false positives. It might require more time to operate and tune.
  • Comprehensive
    The Comprehensive policy template is recommended for expert users. It provides maximum security with all violations, features, and learning is turned on. It requires more time to operate and tune.
  • Passive Deployment Policy (PDP)
    The Passive Deployment Policy (PDP) policy template is similar to Comprehensive template but is meant to be used with a SPAN port, passively alerting for violations and turning off any feature that modifies the response.
  • Vulnerability Assessment Baseline
    The Vulnerability Assessment Baseline policy template is meant to be used with the results of a vulnerability assessment tool scan, and it turns off all unrelated security features.
  • API Security
    The API Security policy template is similar to RDP template but includes changes to benefit API Security, such as JSON, XML, and OpenAPI validations.
  • Application-Ready and Deprecated Templates
    The Application-Ready and Deprecated policy templates are meant to be used with specific applications and contain only the relevant signatures and features.
RDP
API Security
Fundamental
Comprehensive
Enforcement Mode
Transparent
Blocking
Blocking
Blocking
Policy Building Learning Mode
Manual
Manual
Automatic
Automatic
Application Language
UTF-8
UTF-8
Auto-detect
Auto-detect
Signature Sets
Generic Detection Signatures set
Generic Detection Signatures set
Generic Detection Signatures set
Generic Detection Signatures set
Enable Signature Staging
True
True
True
True
Learn Explicit URLs
Never
Never
Never
Compact
Learn Explicit WebSocket URLs
Never
Never
Never
Always
Learn Explicit Parameters
Never
Never
Selective
Compact
Learn Host Names
False
False
True
True
Learn Explicit Cookies
Never
Never
Never
Selective
Learn Explicit File Types
Never
Never
Compact
Compact