Is it possible to import just the ASM policies from a UCS backup?

Question

We have need to see some changes on our ASM policies and don't want to affect prod. We have some UCS backups and would like to just restore them to a VM to do some comparisons. Is there a way that we can use the UCS to just restore the ASM policies and nothing else?

philip_jonsson · Answer

Hey Randy
I'm afraid the ASM policy is stored in a mysql database that you can't access via the UCS directly.
I think the best way would be to fire up a BIG-IP VE using the same version as the intended system. Import it using the following checks:
no-license - This option mostly is for RMA use. It loads full configuration from a UCS file except license file.no-platform-check - Bypass platform check.
tmsh load sys ucs [UCS file] no-license no-platform-check
That way it will be easier to import the config. Do note that you will need a license for the BIG-IP VE but the free 90-day trial would most likely work.
You can then manually export the ASM policy to XML/Binary and re-import into your live box.
Please view the following: Manual Chapter: Importing and Exporting Security Policies
Hope this helps 🙂

Forum Discussion

Is it possible to import just the ASM policies from a UCS backup?

Recent Discussions

XC Bot defense question

Big-IP not recognized by Big-IQ

UCS backup not loading Big IP DNS pool

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Complete F5 Automated Backup Solution

Automated backup F5 configuration to remote server

Minimizing Security Complexity: Managing Distributed WAF Policies

F5 Automated Backups - The Right Way

XC Backup via API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS