Learn mode helps to eliminate popups users will see when you first install CSA. It will assume an ALLOW action to all queries except ones that CSA considers unusual activity.
Any query that has a default ALLOW without learn mode turned on is automatically cached once learn mode so that users are not bombarded with popups during enforcement. Any denies that are allowed in learn mode, still show up as queries when learn mode is not enforced
I personally don't recommend using Learn mode, because i could cache ALLOW responses as an administration you would not wish to have. In my deployments I put everything in test mode and create exception rules and have all queries default to deny just to eliminate and confusion/annoyance from the end users in order to help make the security solution more accepted
In learn mode the queries with the default deny action are ALLOWED without prompting the user.
When you take of learn mode the user will now see a query for any default deny action.
If I were you though I would not use learn mode and run test mode in order to manually create your policies to take the end users out of the equation. I think this will save a lot of headaches in the long run.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...