biv_59618
Dec 08, 2017

Applying Auto ASM Policy via TMSH

What I am trying to do is

  • enable ASM profile
  • add an ASM policy which is configured for Autopolicy

When done through the GUI it looks like this is the config. This is what I am trying to achieve on a large scale through tcl.

    policies {
        asm_auto_l7_policy__someserver.domain.com { }
    }
    profiles {
        ASM_someprofile-WAF { }
    }

How do I get the system to "auto-generate" the policy component of "asm_auto_l7_policy__someserver.domain.com"?

Doing this

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF}`

results in an error that the policy does not match the asm-controlling policy. I think it needs to be

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF} policies add {INSERT DYNAMIC POLICY NAME?}`

But how do I get it to generate that dynamic policy? On the ASM it uses autogenerate.

Here is what happens when I try the above

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF} policies add {asm_auto_l7_policy__dumb2_443}`

01070734:3: Configuration error: The bot-defense-asm profile /Common/ASM_someprofile-WAF was added to virtual server /network-test/dumb2_443 but it does not match the asm-controlling policy. The bot-defense-asm profile is added to the virtual server automatically.

Nothing actually changes though.
  • So I have figured out I need to create the LTM policy first. Through TMS this has been troublesome. If anyone can help me with the nested syntax, it has gotten very nested and I am just looking for a little help. This is the end result I am aiming for:

    ltm policy asm_auto_l7_test.com {
        controls { asm }
        requires { http }
        rules {
            default {
                actions {
                    1 {
                        asm
                        enable
                        policy /Common/WAF
                    }
                }
                ordinal 1
            }
        }
        status legacy
        strategy first-match
    }

    This is what I got, but I am tripping up on the nesting for the rules subset:

    create ltm policy test1 controls add {asm} requires add {http} rules add {defualt {ordinal 1{} actions add{1{policy /Common/WAF}}}}

    • mjb109

      Old thread, but I just had this same problem, and this works on 13.1.3. Think you just need to add the "asm enable" before your final policy statement.

      create /ltm policy '/Common/Drafts/asm_auto_l7_policy__MY-VIRTUAL' controls add { asm } requires add {http} rules add { default { ordinal 1 actions add { 1 { asm enable policy /Common/MY-WAF-POLICY } } } }
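
For doing this on a large scale, an added example (not part of the original posts and not F5 code) that prints the `create /ltm policy` command in the form given in the reply above, reported there as working on 13.1.3, for a list of virtual servers. The function names, the character allowlist and the sample names are assumptions; names are checked before being placed inside the tmsh braces so a stray brace or space cannot change the generated command.

```shell
#!/bin/sh
# Prints tmsh commands only; it never calls tmsh.

# Conservative allowlist (an assumption, not F5's naming rules): letters,
# digits, dot, underscore, hyphen and the partition separator "/".
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# $1 = virtual server name (no partition), $2 = full path of the ASM policy.
# The asm_auto_l7_policy__ prefix and /Common/Drafts/ location follow the thread.
asm_l7_policy_cmd() {
    vs=$1 waf=$2
    case "$vs" in */*) return 1 ;; esac        # name only, no partition path
    valid_name "$vs" || return 1
    valid_name "$waf" || return 1
    case "$waf" in /*) ;; *) return 1 ;; esac  # ASM policy must be a full path
    printf "create /ltm policy '/Common/Drafts/asm_auto_l7_policy__%s' " "$vs"
    printf 'controls add { asm } requires add {http} '
    printf 'rules add { default { ordinal 1 actions add '
    printf '{ 1 { asm enable policy %s } } } }\n' "$waf"
}

# Read "virtual-server asm-policy" pairs from stdin, print one command per
# valid pair, report rejected lines on stderr; exit status = reject count.
emit_all() {
    rejected=0
    while read -r vs waf; do
        [ -n "$vs" ] || continue
        if ! asm_l7_policy_cmd "$vs" "$waf"; then
            echo "rejected: $vs $waf" >&2
            rejected=$((rejected + 1))
        fi
    done
    return "$rejected"
}

# Constructed sample input (hypothetical names); the second line is rejected.
emit_all <<'EOF' || echo "some entries were rejected" >&2
app1.example.com /Common/WAF
bad}name /Common/WAF
EOF
```
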
      • Jeff_Faelnar

        I get error '01020036:3: The requested policy action (/Common/asm_auto_l7_policy__MY-VIRTUAL) was not found.' on Version 15.1.0.5. Is there an updated command for this? Thanks!