Automate WAF Policy Migration

Challenge

With the explosion of the Internet of Things (IoT), the number of web-facing applications that require management and security has quickly jumped from hundreds to thousands. Enterprises generally prefer to migrate their public-facing web applications from an on-premises location to cloud, meaning security teams must migrate hardened Web Application Firewall (WAF) policies to get applications production-ready.

Unfortunately, this is no easy task, especially for teams that opt for a traditional, manual approach, which is both time-consuming and error-prone.

Solution

The AppViewX platform offers a solid foundation to start your automation journey. The AppViewX SECURITY+ module enables the agility necessary to discover and manage WAF policies, while AUTOMATION+ offers the flexibility to build standards-compliant automation workflows to enable the self-servicing of common service requests from application teams.

This Reference Implementation offers sample automation workflows used to migrate WAF policy from one F5 BIG-IP Application Security Manager (ASM) instance to another using ITSM integration.

The workflows provide the flexibility to

  • Self-service F5 BIG-IP ASM policy migration with role-based access control
  • Migrate WAF policy between F5 BIG-IP ASM physical or virtual instances
  • Migrate WAF policy from lower versions to higher versions or between the same versions of F5 BIG-IP ASM
  • Associate the migrated WAF policy to virtual servers on the destination F5 BIG-IP ASM
  • Apply ITSM (ServiceNow) integration to aid in approvals and governance

Deployment

To automate F5 BIG-IP ASM policy migration in your existing infrastructure, try the Reference Implementation workflow. While the template provides a solid foundation for your workflow, it can also be tailored to meet your business needs.

To get started today, download the free version of AppViewX with preloaded automation workflows, or import the F5 BIG-IP ASM Policy Migration workflow into your existing AppViewX instance.