Forum Discussion

Peter_Baumann's avatar
Peter_Baumann
Icon for Cirrostratus rankCirrostratus
May 18, 2018

ASM: What is "Passive Deployment Policy" Template?

Hi all, In ASM v13.1.0 I try to figure out what the Passive Deployment Policy Template is exactly for.

 

I could not find any information in the documentation about it.

 

Also since v13 it is not possible to change the policy type after creation of a policy.

 

Does someone know where the v13.1.0 ASM "Generic Templates" are documented?

 

I know the Operations Guide for ASM, but it includes only a very basic description of the policy templates.

 

v13.1.0 Generic Templates:

 

* API Security

 

* Comprehensive

 

* Fundamental

 

* Passive Deployment Policy

 

* Vulnerability Assessement Baseline

 

Thanks for your help,

 

Peter

 

  • To clarify the documentation a bit, in passive mode, ASM analyzes a copy of the traffic but does not modify it. It cannot enforce any actions, but can log events and display reports. This method is non-intrusive and does not require configuring any VLANs or IP addresses. The use case for this is customers evaluating our products with minimal risk, no performance impact, and in need of quick deployment. A policy based on the Passive Deployment Template is recommended in this scenario because it cannot impact traffic.