Forum Discussion
NimbostratusASM Policy export and import
Chaps,
We are in the process of migrating out of a data centre to a new DC location. The migration is going very well at the moment but the next set of migrations include 10 ASM policies that also have to be moved from DC1 to the new DC location onto an existing LTM.
Both LTM's are runing on BIG-IP 10.2.0 Build 1755.1 Hotfix HF1.
Both have the ASM licensed.
My question:
Is there an easy way to export the current policies installed and import those policies into the new location LTM? The new location doesnt have any policies configured and for all intents and purposes is a newly installed LTM.
I see Aaron has a handy perl script to export but it doesnt include the version we are currently using.
Anyone done this before? Any caveats we should be aware of?
Pete
13 Replies
natheCirrocumulus
Pete,
I've certainly done similar migrations and have just used the Export / Import facility in the ASM gui. If I remember correctly it will ask you to re-confirm couple of options applicable to each policy, Application Language for example. In v11 it has a nice Overview - Summary feature which highlighted things I needed to look at / amend in the new policy e.g. one feature that was configurable in v9.x but replaced by another one in v11. Can't recall if v10 has this feature, hopefully so. As you're migrating to the same ASM version then, you would hope, it would be a smooth import.
For good practice I'd make sure the Attack Sigs were at the same version on both appliances too.
Hope this helps,
N
PeteWThanks Nathan just what I wanted to read :)
Pete
- PeteW
Hmm this is quite disconcerting, we've come to import the policy and there is NO import option at all? Nada, Zero!
am I missing something? The device is licensed and the module active so where is the import option?
any guidance is much appreciated guys.
Christophe_ThysSame problem as PeteW, I'm missing the Import button.
Since I needed a duplicate of this policy on the same box, I managed to do that using templates.
Still I'd like to see that Import button again.- PeteW
Chris,
I had to make sure the module was active and licesed. If it is you need to create the HTTP classes that the imported policy will use. Once I created the config, updated the attack signatures only then was I presented the IMPORT button to import the policy.
Hope this helps chap.
Pete - Christophe_Thys
Well this is so stupid. Seems the import button is located to the right, and my screen didn't show averything. I had to scroll my browser to the right.
Mike_MaherYes your right that is kind of a stupid layout. I never did understand why they put some buttons on the lower left and some on the upper right. Then if you don't have a wide screen monitor you don't notice the upper right.
Kevin_Leicht_51Clearly I must be missing something. In 11.4 I want to create a new policy based on an existing policy, but turn on blocking for web scraping in the new policy. I managed to get the original policy exported, but when I go to import, the only option I have is to overwrite an existing policy. Is there a way to basically create a copy of a policy with a new name?
- PeteW
Hmm how about creating a new policy then choose to import and overwrite the new one you've just created?
- Kevin_Leicht_51
You win. I had almost tried that, but in the GUI when you get to the import step, it gives you a different name for the policy (_2) and I didn't proceed. But this time, I did, and sure enough, it kept my original name. Thanks much.
