Manual Chapter :
Predefined templates
Applies To:
Show Versions
BIG-IP ASM
- 16.0.0
Predefined templates
The security policy templates provide different security levels and consumes different levels of operational resources. The differences include blocking or transparent mode, manual or automatic learning of entities such as file types, URLs, parameters, cookies, and more, and violations.
The following are recommended predefined policy templates:
- Rapid Deployment Policy (RDP)The Rapid Deployment Policy (RDP) policy template is recommended for beginners. It provides essential security with a low false-positive rate. This policy is transparent. It does not block or learn new entities, but only reports violations and learning suggestions to turn off signatures and features that create false-positives.
- FundamentalThe Fundamental policy template is recommended for intermediate users. It provides better security; actively blocks violations and automatically learns from false positives. It might require more time to operate and tune.
- ComprehensiveThe Comprehensive policy template is recommended for expert users. It provides maximum security with all violations, features, and learning is turned on. It requires more time to operate and tune.
- Passive Deployment Policy (PDP)The Passive Deployment Policy (PDP) policy template is similar to Comprehensive template but is meant to be used with a SPAN port, passively alerting for violations and turning off any feature that modifies the response.
- Vulnerability Assessment BaselineThe Vulnerability Assessment Baseline policy template is meant to be used with the results of a vulnerability assessment tool scan, and it turns off all unrelated security features.
- API SecurityThe API Security policy template is similar to RDP template but includes changes to benefit API Security, such as JSON, XML, and OpenAPI validations.
- Application-Ready and Deprecated TemplatesThe Application-Ready and Deprecated policy templates are meant to be used with specific applications and contain only the relevant signatures and features.
RDP | API Security | Fundamental | Comprehensive | |
---|---|---|---|---|
Enforcement Mode | Transparent | Blocking | Blocking | Blocking |
Policy Building Learning Mode | Manual | Manual | Automatic | Automatic |
Application Language | UTF-8 | UTF-8 | Auto-detect | Auto-detect |
Signature Sets | Generic Detection Signatures set | Generic Detection Signatures set | Generic Detection Signatures set | Generic Detection Signatures set |
Enable Signature Staging | True | True | True | True |
Learn Explicit URLs | Never | Never | Never | Compact |
Learn Explicit WebSocket URLs | Never | Never | Never | Always |
Learn Explicit Parameters | Never | Never | Selective | Compact |
Learn Host Names | False | False | True | True |
Learn Explicit Cookies | Never | Never | Never | Selective |
Learn Explicit File Types | Never | Never | Compact | Compact |