Forum Discussion

kkarim's avatar
kkarim
Icon for Nimbostratus rankNimbostratus
Jul 03, 2023

Big-IP add one Allowed Methods to an ASM Security Policy using the command line

Hello everyone 😀

I'm trying to finish my Big-IP setup with tmsh command line whithout any config modification on the Big-IP GUI.

I was able to find in the Big-IP documentation everything that I need except one step that I cannot find how to do without the GUI that is to add one Allowed Methods to a Security Policy on my ASM policy used on my BIG-IP WAF setup.

I found how to do it with the GUI with this and it is working as expected : https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/34.html

Now I'm trying to do this with the command line to automate this step with a script.
Is there any way to apply this configuration without the Big-IP GUI using only the command line tmsh ?

Thanks in advance for your support 

 

application delivery
security
  • whisperer's avatar
    whisperer
    Jul 03, 2023

    There may be a *better* way to do this actually. Why not use a test Virtual Server or a test virtual F5 instance to generate the ASM policy. That way, you can export it as XML or PLC and maintain a 'golden config' in a repo such as GitHub. You can then automate the import of this file 😕 Saves quite a bit on the TMSH commands, and you dont have to worry if the modification of a component has not been implemented. Please see the following:

    https://my.f5.com/manage/s/article/K00571548#export

    Just another way of solving this issue, and working around quite a few potential road blocks 😉

  • whisperer's avatar
    whisperer
    Icon for MVP rankMVP
    Jul 03, 2023

    There may be a *better* way to do this actually. Why not use a test Virtual Server or a test virtual F5 instance to generate the ASM policy. That way, you can export it as XML or PLC and maintain a 'golden config' in a repo such as GitHub. You can then automate the import of this file 😕 Saves quite a bit on the TMSH commands, and you dont have to worry if the modification of a component has not been implemented. Please see the following:

    https://my.f5.com/manage/s/article/K00571548#export

    Just another way of solving this issue, and working around quite a few potential road blocks 😉

  • kkarim's avatar
    kkarim
    Icon for Nimbostratus rankNimbostratus
    Jul 03, 2023

    Hi whisperer 🙂

    Thanks for the quick reply. 
    Will try your suggestion on my setup and get back to you.
    Hopefully this will solve my issue 🙂