Is it possible to import just the ASM policies from a UCS backup?

Question

We have need to see some changes on our ASM policies and don't want to affect prod.  We have some UCS backups and would like to just restore them to a VM to do some comparisons.  Is there a way that we can use the UCS to just restore the ASM policies and nothing else?&nbsp;

philip_jonsson · Answer

Hey Randy
I'm afraid the ASM policy is stored in a mysql database that you can't access via the UCS directly.
I think the best way would be to fire up a BIG-IP VE using the same version as the intended system. Import it using the following checks:
no-license - This option mostly is for RMA use. It loads full configuration from a UCS file except license file.no-platform-check - Bypass platform check.
tmsh load sys ucs [UCS file] no-license no-platform-check
That way it will be easier to import the config. Do note that you will need a license for the BIG-IP VE but the free 90-day trial would most likely work.
You can then manually export the ASM policy to XML/Binary and re-import into your live box.
Please view the following: Manual Chapter: Importing and Exporting Security Policies
Hope this helps 🙂

Forum Discussion

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Related Content

Logging/Blocking possible prompt injection

F5 iApp Automated Backup

Encrypted UCS Backup with REST-API

Fine-Tuning F5 NGINX WAF Policy with Policy Lifecycle Manager and Security Dashboard

Complete F5 Automated Backup Solution