For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Dec 06, 2016

 

1: Extract policy names and corresponding API IDs
  hannes@ubuntuBash$ curl -ku 'admin:admin' -X GET https://172.16.99.91/mgmt/tm/asm/policies | jq '.items[] | "pol_name:" + .name + ";api_id:" + .id'
  "pol_name:sp_fake.google.com;api_id:00TT7Lv-Yba2xcEZkjkc3A"
  "pol_name:sp_fake.github.com;api_id:cswJ2oCNNqbfdWMVWdzoTw"

2: Export policies natively on the appliance
  hannes@ubuntuBash$ curl -ku 'admin:admin' -X POST https://172.16.99.91/mgmt/tm/asm/tasks/export-policy -H 'Content-Type: application/json' -d '{"filename":"sp_fake.google.com.xml","policyReference":{"link":"https://localhost/mgmt/tm/asm/policies/00TT7Lv-Yba2xcEZkjkc3A"}}'
  hannes@ubuntuBash$ curl -ku 'admin:admin' -X POST https://172.16.99.91/mgmt/tm/asm/tasks/export-policy -H 'Content-Type: application/json' -d '{"filename":"sp_fake.github.com.xml","policyReference":{"link":"https://localhost/mgmt/tm/asm/policies/cswJ2oCNNqbfdWMVWdzoTw"}}'

3: Exported policies can be found on BigIP at '/var/ts/var/rest'
  [hannes@bip-01:Active:In-Sync] config  ls /var/ts/var/rest
  admin~sp_fake.github.com.xml  admin~sp_fake.google.com.xml

4: Download the exports: Issue a cURL to that policy, save output as a local file in your external file system.
  hannes@ubuntuBash$ curl -ku 'admin:admin' -X GET https://172.16.99.91/mgmt/tm/asm/file-transfer/downloads/sp_fake.google.com.xml >> sp_fake.google.com.xml
  hannes@ubuntuBash$ curl -ku 'admin:admin' -X GET https://172.16.99.91/mgmt/tm/asm/file-transfer/downloads/sp_fake.github.com.xml >> sp_fake.github.com.xml
  hannes@ubuntuBash$ ls
  sp_fake.google.com.xml sp_fake.github.com.xml

 

Voila! Note that this was done on 12.1.1. I think all of the above will work on 11.6.x too. On 11.5.x the 4th step will fail (not implemented error).