Forum Discussion
NimbostratusTMSH 11.4 syntax
We are running 11.4 now with LTM and ASM on the same box. I add all of my VIPs, pools, etc. through TMSH. We would add an ASM HTTP profile by using the syntax: profiles add {Prod-HTTPClass_Profile} But now that profiles have been replaced with policies, I don't know the syntax. I've tried the same syntax, but get the error: ... "requires a profile of type websecurity for ltm policy /Common/Prod-HTTPClass_Profile" I've tried: policies add {Prod-HTTPClass_Profile} but that doesn't work. If I go to the GUI, and click on the 'Resources' tab, I can select that very same profile from within the 'Policies' section without any problem. Does anyone know what the new syntax is?
Many thanks, Kevin.
4 Replies
- Philippe_CLOUP
Employee
in 11.4, as you have noticed, HTTP Classes have been replaced by CPM (Central Policy Manager). With this module, you can send HTTP requests to ASM, based on the same logic (Host, URI, ...).
It is documented on ask.f5.com, in the 11.4 or 11.4.1 documentation (page 35-17) in the TMSH reference manual.
If you are not sure how you can create it from the CLI, you can also do the config using the GUI, and then use tmsh to retrieve the syntax used with "tmsh list ltm policy".
Kevin_Leicht_51That's not quite the problem I'm having. It's not that I'm trying to create a policy from the tmsh. I'm trying to add a policy to a virtual server. I've checked the 11.4.0 and 11.4.1 tmsh ref guide (35-59) and don't see a reference as to how to add a 'policy'. I've tried adding it with 'add profile ...' but it says it doesn't exist, and I've tried to add it with 'add policies ...' which is when I get the 'requires a profile of type websecurity...' message. If I go back and add it through the GUI, I see it listed in the 'policies {}' section with no change to the 'profiles {}' section so I'm thinking that this hasn't been fully implemented in tmsh yet. Also, I see that the documentation is wrong, because in 11.4.0 and 11.4.1 it still includes an http-class option in the virtual server section, but if you try to use it, tmos returns an error.
- Kevin_Leicht_51
Just to close the loop on this, I found the syntax I was looking for. I was missing the {websecurity} profile, so now, when I create a VIP from tmos, I use the syntax below, and can add the ASM DOS profile and policy successfully:
`create virtual VIPNAME_virt {destination VIPIP:PORT mask 255.255.255.255 snat automap profiles add {Analytics_profile} profiles add {OneConnect_profile} profiles add {VIPSSL_profile {context clientside}} profiles add {WanOptimized-HTTP_profile} profiles add {WanOptimized-HTTP_profile-compression} profiles add {LANOptimized-TCP_profile {context serverside}} profiles add {WANOptimized-TCP_profile {context clientside}} profiles add {WanOptimized-HTTP_profile-cache} persist replace-all-with {Cookie_profile} profiles add { websecurity } profiles add { HTTPClass_Profile--profile-dos} policies add { HTTPClass_Profile } pool VIPNAME_pool}`- Hex_168127Thanks Kevin, that's just what I needed!
