iControl REST Cookbook - LTM policy (ltm policy)

This cookbook lists selected ready-to-use iControl REST curl commands for LTM policy related resources (the tmsh command 

xxx ltm policy
). Each recipe consists of the curl command and it's tmsh equivallent.

See also

Get a list of policies

The iControl REST call returns both drafts and published policies: In the /Common partition, they are located under

respectively. On the other hand, the tmsh equivalent command outputs only the ones under the current folder.

list ltm policy

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy

To get a specific published policy, just add its name to the URI.

list ltm policy <PublishedPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/<PublishedPolicy>

To get a specific draft policy, add the full path to the policy. Note that '~' (tilde) is used instead of '/' (slash) for the path delimiter.

list ltm policy Drafts/<TestPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>

The rules in a policy is stored in the subcollections, hence the above calls return only links to the rules. To get the contents of the rules, use the

query option.

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>?expandSubcollections=true

Get the rules of a policy

The following call will get all the rules in the draft policy.

list ltm policy Drafts/<TestPolicy> rules

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules?expandSubcollections=true

For obtaining the particular one, run this.

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule>?expandSubcollections=true

Create a draft policy

The following call creates a new draft policy with the 'first-match' strategy. Note that the path to the policy inside the post data uses '/'.

create ltm policy Drafts/<TestPolicy> strategy first-match

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy \
  -X POST -H "Content-type:application/json" \
  -d '{"name":"/Common/Drafts/<TestPolicy>", "strategy":"first-match"}'

To create (copy) a draft policy from the existing draft policy, run this. Note that the path to the existing draft policy (

argument) uses '/'.

create ltm policy /Common/Drafts/<TestPolicy2> copy-from /Common/Drafts/<TestPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy?options=copy-from,/Common/Drafts/<TestPolicy> \
  -X POST -H "Content-type:application/json" \
  -d '{"name":"/Common/Drafts/<TestPolicy2>"}'

Adding a rule to the draft policy

modify ltm policy Drafts/<TestPolicy> rules add { <SampleRule> { description sat1 } }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules \
  -X POST -H "Content-type:application/json" \
  -d '{"name":"<SampleRule>", "description":"sat1" }'

Modifying the rule

modify ltm policy Drafts/<TestPolicy> rules modify { <SampleRule> { description "Hello World"} }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule> \
  -X PATCH -H "Content-type:application/json" \
  -d '{"description":"Hello World" }'

Deleting the rule from the draft policy

modify ltm policy Drafts/<TestPolicy> rules delete { <SampleRule> }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule> -X DELETE

Deleging the draft policy

delete ltm policy Drafts/<TestPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy> -X DELETE

Publishing the draft policy

publish ltm policy Drafts/<TestPolicy>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy \
  -X POST -H "Content-type: application/json" \
  -d '{"command":"publish", "name":"Drafts/<TestPolicy>"}'

Creating the draft policy from a published policy

modify ltm policy <PublishedPolicy> create-draft

curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/<PublishedPolicy>?options=create-draft \
  -X PATCH -H "Content-type: application/json" \
  -d '{}'

Modifying a virtual

To replace the policies attached to a virtual with a specific published policy, run this

modify ltm virtual <vs> policies replace-all-with { <PublishedPolicy> }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>/policies \
  -H "Content-type: application/json" -X POST \
  -d '{"name":<PublishedPolicy>}'

To remove the policies from a virtual, run this

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs> \
  -H "Content-type: application/json" -X PATCH \
  -d '{"policiesReference":{ "items":[] } }'
Updated Jun 06, 2023
Version 2.0

Was this article helpful?


  • How you do the same with transactions ? it doesn't work for me... Publishing seems to have problems....


  • It doesn't work for me the API for replace the policies attached to a virtual server,


    curl -sku admin:default \

     -H "Content-type: application/json" -X POST \

     -d '{"name":policy_sorrypage}' | jq . -M


     "code": 400,

     "message": "Found invalid JSON body in the request.",

     "errorStack": [],

     "apiError": 1



    where is the error?



  • Thank you! I had solved in any case, if necessary I share you


  • Is there a way to updaate policies associated to a VS and guarantee the order in which they are going to be executed. I have tried the following

    curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/~part1~VS1 \
      -H "Content-type: application/json" -X PATCH \
      -d '{"policiesReference":{ "items":[{"name":"policy1","partition":"part1"}, {"name":"policy2","partition":"Common"}] }}'

    but when I look in the UI at the resources and policies assigned to the VS, the /Common/policy2 comes before "/part1/policy1" , where I want the/part1/policy1 to be executed first

  • Here is the get of the VS1/policies API, which also shows them in reversed order