Forum Discussion

Cirrostratus

Jan 29, 2020

ng_export with Per Request Policies

Does anyone know if ng_export cli will work with per request policies (PRP). Access Profile Export utility v14.1 Usage: ng_export [-t|-type access_policy] <name> <filename> [-p|-partition <pa...

application delivery

BIG-IP Access Policy Manager (APM)

security

Lucas_Thompson
Jan 30, 2020
You can already do it with normal policies, no reverse engineering needed.
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html

However that ID 755148 refers to API Protection policies. These are the same as PRPs, but they have a different "type" (I'm sure you noticed already).

The other thing is:
The way I do this usually when I'm creating labs or other material is to walk the configuration hirearchy (policy items, agents, policy, profile, customization groups) and then turn it into a pile of TMSH commands, then use the commands to create a policy. It's kind of fragile between versions, but mostly works fine.

Walter_Kacynski

Cirrostratus

Jan 30, 2020

I see, so you would use a lab box exclusively. The only challenge is that there once this config is live on a box, making changes become difficult as one would have to change all virtuals referencing the updated profile(s).

I'm going to 15.1 ASAP, is there something that is notability different for profile duplication?

It would REALLY be awesome if access profiles worked like ASM policies. A single XML file with all the customization groups.

Lucas_Thompson
Employee
Jan 30, 2020
Agreed, yeah it would be nice. APM's schema is pretty complicated compared to ASM. But in the end these are all MCP objects that you can create with TMSH (aside from the files that appear in cache-path of various MCP objects).
15.1 brings a much more effective customization system that has a better separation of code and content, so instead of re-writing existing pages you just use CSS overrides in "user-*" files in customization groups.
15.1's login pages, message boxes, and webtop also uses Angular now instead of the proprietary mechanism used in older versions. So an Angular dev should be able to easily customize.

We're working on a customization example guide and hope to have it published on clouddocs (or here) in the next month or so.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ng_export with Per Request Policies

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Access policy, LTM policy and iRules

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 2 - Policy Import)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

Evaluate WAF Policy with BIG-IQ Policy Analyzer

LTM Policy Options Clarification

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS