Forum Discussion
Export AFM firewall rules using Icontrol
- Aug 27, 2018
I think this may be an environmental issue. I tested the REST command (changing the destination host and BIG-IP version) using a similar policy name on versions 14.0.0, 13.1.0.8, and 12.1.3. The error was not reproduced.
Here are my tests & results:
12.1.3
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.98/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=12.1.3","items":[{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=12.1.3","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=12.1.3","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=12.1.3","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"self-protect","fullPath":"self-protect","generation":85,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-icmp-ipv6","fullPath":"no-icmp-ipv6","generation":86,"selfLink":";:{},"source":{"identity":{}},"icmp":[{"name":"255"}]}]}
13.1.0.8
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.74/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=13.1.0.8","items":[{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=13.1.0.8","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=13.1.0.8","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=13.1.0.8","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-udp","fullPath":"no-udp","generation":207,"selfLink":" UDP","ipProtocol":"udp","iruleSampleRate":1,"log":"no","status":"enabled","destination":{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-ipv6-icmp","fullPath":"no-ipv6-icmp","generation":81,"selfLink":";:{},"source":{"identity":{}}}]}
14.0.0
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.69/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=14.0.0","items":[{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=14.0.0","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=14.0.0","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=14.0.0","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"block-ping-ipv4","fullPath":"block-ping-ipv4","generation":277,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"do-nothing-rule","fullPath":"do-nothing-rule","generation":276,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"self-protect","fullPath":"self-protect","generation":275,"selfLink":";:{},"source":{"identity":{}},"icmp":[{"name":"1:3"},{"name":"255"}]}]}
I think this may be an environmental issue. I tested the REST command (changing the destination host and BIG-IP version) using a similar policy name on versions 14.0.0, 13.1.0.8, and 12.1.3. The error was not reproduced.
Here are my tests & results:
12.1.3
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.98/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=12.1.3","items":[{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=12.1.3","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=12.1.3","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=12.1.3","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"self-protect","fullPath":"self-protect","generation":85,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-icmp-ipv6","fullPath":"no-icmp-ipv6","generation":86,"selfLink":";:{},"source":{"identity":{}},"icmp":[{"name":"255"}]}]}
13.1.0.8
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.74/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=13.1.0.8","items":[{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=13.1.0.8","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=13.1.0.8","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=13.1.0.8","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-udp","fullPath":"no-udp","generation":207,"selfLink":" UDP","ipProtocol":"udp","iruleSampleRate":1,"log":"no","status":"enabled","destination":{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-ipv6-icmp","fullPath":"no-ipv6-icmp","generation":81,"selfLink":";:{},"source":{"identity":{}}}]}
14.0.0
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.69/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=14.0.0","items":[{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=14.0.0","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=14.0.0","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=14.0.0","isSubcollection":true}}]}'
Result
{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"block-ping-ipv4","fullPath":"block-ping-ipv4","generation":277,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"do-nothing-rule","fullPath":"do-nothing-rule","generation":276,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"self-protect","fullPath":"self-protect","generation":275,"selfLink":";:{},"source":{"identity":{}},"icmp":[{"name":"1:3"},{"name":"255"}]}]}
curl -sk -u admin:admin -H "Content-Type: application/json" -X GET > testing.txt
The output is only partially being saved in the file not the whole response
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com