For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kkarim's avatar
kkarim
Icon for Nimbostratus rankNimbostratus
Jul 03, 2023
Solved

Big-IP add one Allowed Methods to an ASM Security Policy using the command line

Hello everyone 😀

I'm trying to finish my Big-IP setup with tmsh command line whithout any config modification on the Big-IP GUI.

I was able to find in the Big-IP documentation everything that I need except one step that I cannot find how to do without the GUI that is to add one Allowed Methods to a Security Policy on my ASM policy used on my BIG-IP WAF setup.

I found how to do it with the GUI with this and it is working as expected : https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/34.html

Now I'm trying to do this with the command line to automate this step with a script.
Is there any way to apply this configuration without the Big-IP GUI using only the command line tmsh ?

Thanks in advance for your support 

 

application delivery
security
  • whisperer's avatar
    whisperer
    Jul 03, 2023

    There may be a *better* way to do this actually. Why not use a test Virtual Server or a test virtual F5 instance to generate the ASM policy. That way, you can export it as XML or PLC and maintain a 'golden config' in a repo such as GitHub. You can then automate the import of this file 😕 Saves quite a bit on the TMSH commands, and you dont have to worry if the modification of a component has not been implemented. Please see the following:

    https://my.f5.com/manage/s/article/K00571548#export

    Just another way of solving this issue, and working around quite a few potential road blocks 😉

2 Replies

  • whisperer's avatar
    whisperer
    Icon for MVP rankMVP
    Jul 03, 2023

    There may be a *better* way to do this actually. Why not use a test Virtual Server or a test virtual F5 instance to generate the ASM policy. That way, you can export it as XML or PLC and maintain a 'golden config' in a repo such as GitHub. You can then automate the import of this file 😕 Saves quite a bit on the TMSH commands, and you dont have to worry if the modification of a component has not been implemented. Please see the following:

    https://my.f5.com/manage/s/article/K00571548#export

    Just another way of solving this issue, and working around quite a few potential road blocks 😉

  • kkarim's avatar
    kkarim
    Icon for Nimbostratus rankNimbostratus
    Jul 03, 2023

    Hi whisperer 🙂

    Thanks for the quick reply. 
    Will try your suggestion on my setup and get back to you.
    Hopefully this will solve my issue 🙂