With BIG-IQ 8.0, F5 introduced a policy comparison feature. This allows you to bring up 2 web application firewall (WAF) policies and look at them side-by-side in a table format. The policies can be deployed on different BIG-IPs or BIG-IP pairs, on virtual servers deployed for different applications.
This feature also allows the administrator to export the report in PDF format for consumption outside of the BIG-IP/BIG-IQ. It is also very useful for determining policy drift in cases where a policy is used to spawn other policies that, in turn, are tuned for the applications they protect.
This article will take you through the process of comparing 2 policies and exporting the report to PDF.
The “Compare Policies” feature is available from the Configuration menu on BIG-IQ. Ensure that you log in to BIG-IQ with sufficient privileges to access and view the Application Security Policies and their contents.
The figure below shows how to access the policy by
· selecting the Configuration tab,
· highlighting the Security menu,
· expanding the item labelled Web Application Security,
· selecting Policies
Note that selecting a policy in the window above provides valuable information about the policy and its related configured items. In the example below, the asm-lab3 policy is selected, and the interface shows an overview of the policy content and related items, such as the virtual server the policy is associated with.
Once on the Policies screen, you can select 2 policies and compare them as shown below:
The two policies' configurations now appear side-by-side for inspection.
The two-column view can be exported in PDF format for external consumption by clicking on the Export button.
Also, you can get the comparison in JSON format through BIG-IQ’s REST API by following these main steps:
1. Obtain an API access token to use with all subsequent requests
2. List the policies and find the references to the policies of interest by issuing a GET request to the following end-point: