For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JustJozef's avatar
JustJozef
Icon for Cirrus rankCirrus
Jun 17, 2022
Solved

icontrol - policy not visible after import

Hello,

trying to import policy with REST API but after call "import-policy" it's not visible in GUI and in asm logs can see follow errors:

 

 

info perl[19936]: 01310053:6: ASMConfig change: Import Policy Task Import Policy Task (1655457572.770062) [add]: Target Name was set to sp_test_api_baseline.
info perl[19936]: 01310053:6: ASMConfig change: Import Policy Task Import Policy Task (1655457572.770062) [update]: Status was set to STARTED.
crit g_server_rpc_handler_async.pl[17881]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::handle_error): Failed add for parameter [param_name = 'accessToken', param_level = '2', param_id = '7328']
crit g_server_rpc_handler_async.pl[17881]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::handle_error): Code: 999, Error message = URL for Parameter not found -- aborting
crit g_server_rpc_handler_async.pl[17881]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::log_error_and_rollback): Could not add the Parameter 'accessToken on GET /api/Token/Check'.  URL for Parameter not found -- aborting
crit g_server_rpc_handler_async.pl[17881]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ASMConfig::Handler::log_error_and_rollback): Could not add the Parameter 'accessToken on GET /api/Token/Check'.  URL for Parameter not found -- aborting
crit g_server_rpc_handler_async.pl[17881]: 01310027:2: ASM subsystem error (asm_config_server.pl,F5::ImportExportPolicy::Base::fatal_error): Could not add the Parameter 'accessToken on GET /api/Token/Check'.  URL for Parameter not found -- aborting
info perl[19936]: 01310053:6: ASMConfig change: Import Policy Task Import Policy Task (1655457572.770062) [update]: Status was set to FAILURE.

 

 

Token for API is part of the X-F5-Auth-Token header.

Any idea what can be wrong here?

Thank you.

devops
  • JustJozef's avatar
    JustJozef
    Jun 28, 2022

    I just found that error reported in logs is correct!. It's not the issue with auth with icontrol and waf itself but there is a issue in swagger file where endpoint from log is with method "POST" instead "GET" so parameter accessToken cannot be related to the GET /api/Token/Check as it does not exist.

1 Reply

  • JustJozef's avatar
    JustJozef
    Icon for Cirrus rankCirrus
    Jun 28, 2022

    I just found that error reported in logs is correct!. It's not the issue with auth with icontrol and waf itself but there is a issue in swagger file where endpoint from log is with method "POST" instead "GET" so parameter accessToken cannot be related to the GET /api/Token/Check as it does not exist.