For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Marvin_129795's avatar
Marvin_129795
Icon for Nimbostratus rankNimbostratus
Aug 27, 2018
Solved

Export AFM firewall rules using Icontrol

Hi All, I am trying to export the complete firewall rule list using RestAPI in version 12.1.3 but I get the following response: command used: $select=rulesReference&expandSubcollections=true v...
AFM
application delivery
export
f5 icontrol
lostpacket_5555's avatar
lostpacket_5555
Historic F5 Account
Aug 27, 2018

I think this may be an environmental issue. I tested the REST command (changing the destination host and BIG-IP version) using a similar policy name on versions 14.0.0, 13.1.0.8, and 12.1.3. The error was not reproduced.

 

Here are my tests & results:

 

12.1.3

 

curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.98/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=12.1.3","items":[{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=12.1.3","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=12.1.3","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.98/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=12.1.3","isSubcollection":true}}]}'

 

Result

 

{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"self-protect","fullPath":"self-protect","generation":85,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-icmp-ipv6","fullPath":"no-icmp-ipv6","generation":86,"selfLink":";:{},"source":{"identity":{}},"icmp":[{"name":"255"}]}]}

 

13.1.0.8

 

curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.74/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=13.1.0.8","items":[{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=13.1.0.8","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=13.1.0.8","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.74/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=13.1.0.8","isSubcollection":true}}]}'

 

Result

 

{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-udp","fullPath":"no-udp","generation":207,"selfLink":" UDP","ipProtocol":"udp","iruleSampleRate":1,"log":"no","status":"enabled","destination":{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"no-ipv6-icmp","fullPath":"no-ipv6-icmp","generation":81,"selfLink":";:{},"source":{"identity":{}}}]}

 

14.0.0

 

curl -sk -u admin:admin -H "Content-Type: application/json" -X GET https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules '{"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://192.168.1.69/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=14.0.0","items":[{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=14.0.0","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=14.0.0","isSubcollection":true}},{"rulesReference" {"link":"https://192.168.1.69/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=14.0.0","isSubcollection":true}}]}'

 

Result

 

{"kind":"tm:security:firewall:policy:rules:rulescollectionstate","selfLink":";:[{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"block-ping-ipv4","fullPath":"block-ping-ipv4","generation":277,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"do-nothing-rule","fullPath":"do-nothing-rule","generation":276,"selfLink":";:{},"source":{"identity":{}}},{"kind":"tm:security:firewall:policy:rules:rulesstate","name":"self-protect","fullPath":"self-protect","generation":275,"selfLink":";:{},"source":{"identity":{}},"icmp":[{"name":"1:3"},{"name":"255"}]}]}

 

Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Aug 28, 2018

curl -sk -u admin:admin -H "Content-Type: application/json" -X GET > testing.txt

 

The output is only partially being saved in the file not the whole response