Forum Discussion
NimbostratusModify multiple ASM policy via cli/API
Hello,
how can I modify multiple ASM Security Policy via CLI/API?
For example I would like to turn off
- Signature "Automated client access (Java)"
- Data Guard
on all (or some) of my policies.
Or is the "automatic-way" to export the policy and modify the XML and import it again?
With tmsh I scripted many modification for virtual servers but this seems to be not the right tool for ASM......
Version is 12.1.2
Thanks in advanced!
2 Replies
Chris_GrantEmployee
You can review the tmsh reference guide here:
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmsh-reference-12-0-0.html
Be aware that there are very few things you can actually do from the command line in ASM, and regrettably neither of these are CLI options.
Marc_LeBeauFortunately it's not too difficult, after you sift through the mountain of dead end dox.
You can change this up as you'd like but here we go! First I recommend coming up with a friendly naming scheme. Make sure all your XML policies are the same name as your actual policy but add _new to each one i.e. your policy is called MY_POLICY on the ASM so your XML file with your new edits should be called MY_POLICY_new.xml Do this for all policies and then your script life will be a breeze here after.
So with this in mind, here's how I do it:
mkdir /shared/tmp/asm_push
SCP upload your XML policies to /shared/tmp/asm_push
write script to iterate through policy names and create variables
run this command to replace the variables. You're smart enough to figure out what they relate to :)
load /Common/$POLICYVAR overwrite file /shared/tmp/asm_push/$POLICYVAR_new.xml
Enjoy the extra years you'll gain in your wrists usage! I have over 200 ASM policies abroad that consist of 30 VERY custom policies I developed that we've had to manually load for years... UNTIL NOW!
