Forum Discussion
Export AFM firewall rules using Icontrol
Hi All,
I am trying to export the complete firewall rule list using RestAPI in version 12.1.3 but I get the following response:
command used: $select=rulesReference&expandSubcollections=true
ver=12.1.3.1","isSubcollection":true}}]}'expandSubcollections' is not recognized as an internal or external command
It seems the expandsubcollections command is not being recognized at all.
Complete response is:
{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://localhost/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=12.1.3.1","items":[{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=12.1.3.1","isSubcollection":true}},{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=12.1.3.1","isSubcollection":true}},{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=12.1.3.1","isSubcollection":true}}]}'expandSubcollections' is not recognized as an internal or external command,
operable program or batch file.
I think this may be an environmental issue. I tested the REST command (changing the destination host and BIG-IP version) using a similar policy name on versions 14.0.0, 13.1.0.8, and 12.1.3. The error was not reproduced.
Here are my tests & results:
12.1.3
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.98/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=12.1.3","items":[{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=12.1.3","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=12.1.3","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=12.1.3","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"self-protect","fullPath":"self-protect","generation":85,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-icmp-ipv6","fullPath":"no-icmp-ipv6","generation":86,"selfLink":";:{},"source":{"identity":{}},"icmp":[{"name":"255"}]}]}
13.1.0.8
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.74/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=13.1.0.8","items":[{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=13.1.0.8","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=13.1.0.8","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=13.1.0.8","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-udp","fullPath":"no-udp","generation":207,"selfLink":" UDP","ipProtocol":"udp","iruleSampleRate":1,"log":"no","status":"enabled","destination":{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-ipv6-icmp","fullPath":"no-ipv6-icmp","generation":81,"selfLink":";:{},"source":{"identity":{}}}]}
14.0.0
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.69/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=14.0.0","items":[{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=14.0.0","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=14.0.0","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=14.0.0","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"block-ping-ipv4","fullPath":"block-ping-ipv4","generation":277,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"do-nothing-rule","fullPath":"do-nothing-rule","generation":276,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"self-protect","fullPath":"self-protect","generation":275,"selfLink":";:{},"source":{"identity":{}},"icmp":[{"name":"1:3"},{"name":"255"}]}]}
7 Replies
- Not sure about SNMP, but you can get the cpu usage information from the iControl System.SystemInfo.get_cpu_usage_information() method.
- I just upgraded to SOAP::Lite 0.66 and it turns out the SOAP::Lite folks have deprecated the "uri" subroutine (which was in the past the way to specify which namespace to use with the soap calls).
http://www.soaplite.com/2005/04/tturitt_and_ttu.html
Click here$soap = SOAP::Lite -> uri('urn:iControl:System/SystemInfo') -> proxy("$sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi");
$soap = SOAP::Lite -> ns('urn:iControl:System/SystemInfo') -> proxy("$sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi");
- Puli
Nimbostratus
Hi,
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com