Manual Chapter : Upgrading HTTP Security Profiles to Security Policies

Applies To:

Show Versions Show Versions


  • 11.2.1
Manual Chapter
Customers who want to upgrade from the BIG-IP® Protocol Security Module to BIG-IP® Application Security Manager can use the Migration wizard to facilitate the upgrade process. The Migration wizard converts an HTTP security profile in the Protocol Security Module configuration to a security policy for a web application in Application Security Manager. If you are not familiar with the features of Application Security Manager, F5 Networks recommends you review this configuration guide before you perform the migration.
Important: You cannot reverse the migration process after converting Protocol Security Module security profiles into security policies in Application Security Manager.
The Migration wizard guides you through the steps necessary to transform HTTP security profiles from Protocol Security Module into baseline security policies in Application Security Manager. As part of the migration, you convert the HTTP security profile into an HTTP class. For detailed information on HTTP classes, refer to Chapter 3, Working with HTTP Classes.
On the Main tab, expand Protocol Security and click Migration.
The Create Application Security Class screen of the Migration wizard opens. The wizard automatically detects the virtual servers whose HTTP traffic profiles are associated with HTTP security profiles.
For the Virtual Server setting, select the virtual server for which you want to create an HTTP class.
For the Application Security Class setting, select the appropriate option to indicate the HTTP class you want to use:
Create new
Assigns a new class to the selected virtual server. In the field, type a name for the new class, using only alphanumeric characters and the underscore character. The system copies the security profile configuration to the new security policy.
Use existing
Assigns an existing class to the selected virtual server. Select an existing HTTP class with application security enabled from the list.
Note: If you select Use existing, the system does not copy the security profile configuration to the security policy. Also, if you then click Next, you cannot cancel the migration process.
Click Next.
The Summary screen opens.
Click Finish and complete the migration process as appropriate:
If you created a new HTTP class, the Migration wizard opens the Configure Security Policy Properties screen. Follow through the screens of the wizard to configure the security policy.
If you used an existing HTTP class, the migration is complete. The existing class is assigned to the virtual server selected when migrating.
Note: If you apply a security policy application template, the template overrides any settings that may have been imported by the Migration wizard.