Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IQ Applications
Known Affected Versions:
7.0.0, 7.0.0.1, 7.0.0.2, 7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.1.6, 7.1.6.1, 7.1.7, 7.1.7.1, 7.1.7.2, 7.1.8, 7.1.8.1, 7.1.8.2, 7.1.8.3, 7.1.8.4, 7.1.8.5, 7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9
Opened: Jul 02, 2019 Severity: 4-Minor
An incorrect enforcement mode is displayed in BIG-IQ's dashboards for AS3 application's Web Application Security services, when a user makes changes to the enforcement mode. To get the correct protection mode displayed on the L7 Security dashboard, you must discover and import the ASM service to BIG-IP before and after you update an AS3 Web Application Security policy (WAF) and deploy it a BIG-IP device.
The protection mode in the Applications (Applications > APPLICATIONS) and L7 Security Dashboard (Monitoring > DASHBOARDS > L7 Security) might not be correct.
WAF protection is deployed with an AS3 application using an ASM policy referenced in the following declaration: "policyWAF": { "bigip": "/Common/asm-policy-name" } This does not apply to AS3 application referencing the ASM policy in a URL.
If you have made changes to an AS3 application's enforcement mode, and do not see your deployed changes reflected in BIG-IQ, use one of the following workflows: If user roles of security manager or admin were used to make enforcement mode changes: 1. Login as the security manager user role to the BIG-IQ system. 2. Discover and import the BIG-IP device that hosts the ASM policy and AS3 WAF application. To manually redeploy the AS3 application and trigger an update: 1. Go to Applications > APPLICATIONS and select the application and then the affected AS3 application service 2. Select Properties icon from the map at the center of the screen. 3. Select the Configuration tab at the center of the screen. 4. Enter a value in the description field. 5. Click Save. Once saved, the AS3 application is refreshed and information about the enforcement mode should display as expected.
None