Manual Chapter : Importing Web Application Security policies
Applies To:Show Versions
BIG-IQ Centralized Management
Importing Web Application Security policies
Web Application Security imports BIG-IP Application Security Manager™ (ASM) application security policies from discovered BIG-IP devices, and lists them on the Web Application Security policy editor Policies screen. Each security policy is assigned a unique identifier that it carries across the enterprise. This ensures that each policy is shown only once in the Policies screen ( ), no matter how many devices it is protecting. In the Web Application Security repository, policies are in XML format.
Policy compatibility with managed BIG-IP systems
ASM policies on managed BIG-IP systems must be compatible with your current version of BIG-IQ. Policies that are imported from, or exported to, a BIG-IP system that does not have proper version support, may result in unexpected policy behavior. This can include failed policy imports/exports and missing parameters.
For more information about BIG-IP version support on your current BIG-IQ system, see K34133507.
About subcollections in policiesIn BIG-IP,
Subcollectionsare groups of like objects you can configure to your policy. In BIG-IQ, all Web Application Security subcollections are available for management and configuration within the policy itself. Not all subcollections are visible in the Web Application Security policy editor. Generally, you can import and deploy most subcollections from BIG-IP device, however, management in using the BIG-IQ interface is not yet supported.
You cannot manage wildcard ordering for subcollections using the BIG-IQ Centralized Management user interface.