As your web servers change, you may periodically want to run auto-learning for them on a smaller scale.
For example, perhaps you will install or update a web application or web server, resulting in new structures and different vulnerabilities.
However, for most day-today use, auto-learning should be disabled and your protection profiles fully applied.
1. To apply a profile generated by auto-learning, select it in Web Protection Profile in a server policy (see Configuring a server policy).
2. If, during auto-learning, any Action in the protection profile or its auxiliary components was set to Alert & Deny or Alert & Erase, verify that those same actions are applied in the protection profile that you generated from auto-learning data. (Incomplete session data due to those actions may have caused auto-learning to be unable to detect those attack types.)
3. If necessary, either:
4. Modify the policy to select your newly generated profile in Web Protection Profile.
5. To validate the configuration, test it (see Testing your installation.)
6. When you are done collecting auto-learning data and generating your configuration, to improve performance, disable auto-learning by deselecting the auto-learning profile in Auto Learn Profile in all server policies.
7. Disable Monitor Mode.