Forum Discussion
How to get ASM, DoS, and Logging Profiles Applied to a Virtual Server
Hello,
I'm trying to map ASM, DoS, and logging profiles as a reporting feature to some of my automation. At the most basic level if I query a particular virtual server I don't get great information on the security profiles.
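from f5.bigip import ManagementRoot

# Connect to the BIG-IP and load the virtual server by name
b = ManagementRoot('myhost', 'admin', 'admin')
vip = b.tm.ltm.virtuals.virtual.load(name='myvs')
# List the names of every profile attached to the virtual server
profiles = vip.profiles_s.get_collection()
for p in profiles:
    print(p.name)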
Returns the Following:
ASM_pytest.mtb.com SO MY ASM POLICY NAME
clientssl MY CLIENT SSL
f5-tcp-lan MY TCP CLIENT PROFILE
f5-tcp-wan MY TCP SERVER PROFILE
http MY HTTP PROFILE
serverssl MY SERVER SSL PROFILE
websecurity NOT SURE WHAT THIS IS?
What I'm trying to understand is: is ASM_ prepended to every ASM policy associated with a virtual server, or is there a more accurate way to get the associated ASM policy name?
What is 'websecurity' and how do I use it?
How do I get the DoS and Logging Profiles associated with the virtual server?
- JRahm
Admin
Can you post a sanitized copy of your virtual server configuration (as shown by a list command in tmsh)? And what version of TMOS are you using?
- Matt_Bystrzak_2
Nimbostratus
Sure.
I'm using v 13.1.1.3.
Here's the output:
ltm virtual vs_test_python_1 {
    description "A Python REST client test virtual server"
    destination 1.1.1.2:https
    ip-protocol tcp
    mask 255.255.255.255
    policies {
        asm_auto_l7_policy__vs_test_python_1 { }
    }
    pool pool_test_python
    profiles {
        ASM_pytest.mtb.com { }
        clientssl {
            context clientside
        }
        f5-tcp-lan {
            context serverside
        }
        f5-tcp-wan {
            context clientside
        }
        http { }
        serverssl {
            context serverside
        }
        websecurity { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port enabled
    vlans {
        some_vlans
    }
    vlans-enabled
    vs-index
}
- Matt_Bystrzak_2
Nimbostratus
So I quickly realized after this exercise that I don't have a DoS profile defined. So I defined one and it shows up under the profiles_s collection.
So that answers that question...I'm a putz. Sorry about that.
Logging profiles show up under the security-log-profiles key outside of profiles{}, I'm finding.
- JRahm
Admin
It looks like tmsh adds ASM_ to your policy when applied to the virtual server, as well as the websecurity profile. I'll need to see what that means for you in using the SDK, however. Stand by.
- JRahm
Admin
(edited) Hi Matt, so you can create the vip up front with all the profiles and policies you need. Here's how I did it:
>>> profiles = []
>>> profiles.append({'name': 'tcp'})
>>> profiles.append({'name': 'http'})
>>> profiles.append({'name': 'clientssl'})
>>> profiles.append({'name': 'websecurity'})
>>> policies = []
>>> policies.append({'name': 'asm_auto_l7_policy__asmtestvip'})
>>> vip1 = b.tm.ltm.virtuals.virtual.create(name='testvip2',
...     destination='192.16.102.42:443', mask='255.255.255.255',
...     pool='asmtestvip', ipProtocol='tcp',
...     profiles=profiles, policies=policies)
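Added example, not code from the thread or from the F5 SDK: a small offline parser that turns a `tmsh list ltm virtual` stanza into the security report the original question asks for, using the two observations made above (the ASM policy appears as a profile prefixed with ASM_, and logging profiles sit under security-log-profiles outside profiles{}). The function names, the sample stanza, and the log profile name in it are constructed for illustration, and the ASM_ prefix match is a heuristic based on this thread only.

```python
import shlex

# Constructed sample: the stanza posted in the thread, trimmed, with a
# security-log-profiles block added (the log profile name is made up).
SAMPLE = '''ltm virtual vs_test_python_1 { destination 1.1.1.2:https
 policies { asm_auto_l7_policy__vs_test_python_1 { } }
 profiles { ASM_pytest.mtb.com { } clientssl { context clientside }
 http { } websecurity { } }
 security-log-profiles { "Log all requests" } }'''

def parse_block(tokens):
    """Consume tokens up to the matching '}' and return the block as a dict."""
    block, key = {}, None
    for tok in tokens:
        if tok == '}':
            break
        if tok == '{':
            block[key] = parse_block(tokens)  # nested block belongs to last key
            key = None
        elif key is None:
            key = tok
            block[key] = None                 # bare name until a value follows
        else:
            block[key] = tok
            key = None
    return block

def security_report(stanza):
    """Summarise the security-relevant attachments of one virtual server."""
    tokens = iter(shlex.split(stanza))        # shlex keeps quoted names whole
    header = [next(tokens) for _ in range(4)] # 'ltm' 'virtual' <name> '{'
    vs = parse_block(tokens)
    profiles = vs.get('profiles') or {}
    return {
        'virtual': header[2],
        # Heuristic from the thread: ASM policy shows up as profile ASM_<policy>
        'asm_policies': [p[4:] for p in profiles if p.startswith('ASM_')],
        'websecurity': 'websecurity' in profiles,
        'l7_policies': sorted(vs.get('policies') or {}),
        'log_profiles': sorted(vs.get('security-log-profiles') or {}),
        # DoS profiles land here too; their names carry no fixed prefix
        'other_profiles': sorted(p for p in profiles
                                 if not p.startswith('ASM_') and p != 'websecurity'),
    }

if __name__ == '__main__':
    for field, value in security_report(SAMPLE).items():
        print(f'{field}: {value}')
```

An empty asm_policies or log_profiles list in the report is the useful signal: it marks a virtual server with no ASM policy or no security logging attached.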