02-Aug-2021 10:32
You can use my ansible code for exporting and importing ASM policies. Please read the descrption:
https://devcentral.f5.com/s/articles/Ansible-playbook-to-export-and-import-ASM-security-policy-policy?page=1
---
- name: Exporting and importing the ASM policy
hosts: all
connection: local
become: yes
vars:
provider:
password: xxx
server: xxxx
user: xxxx
validate_certs: no
server_port: 443
vars_prompt:
- name: asm_policy
prompt: What is the name of the ASM policy?
private: no
tasks:
- name: Ansible delete file example
file:
path: "/home/niki/asm_policy/{{ asm_policy }}"
state: absent
when: inventory_hostname in groups['internal']
- name: Export policy in XML format
bigip_asm_policy_fetch:
name: "{{ asm_policy }}_preprod"
file: "{{ asm_policy }}"
dest: /home/niki/asm_policy/
binary: yes
provider: "{{ provider }}"
- name: Override existing ASM policy
bigip_asm_policy_import:
name: "{{ asm_policy }}_prod"
source: "/home/niki/asm_policy/{{ asm_policy }}"
force: yes
provider: "{{ provider }}"
notify:
- Save the running configuration to disk
- name: Task - deactivate policy
bigip_asm_policy_manage:
name: "{{ asm_policy }}_prod"
state: present
provider: "{{ provider }}"
active: no
- name: Task - activate policy
bigip_asm_policy_manage:
name: "{{ asm_policy }}_prod"
state: present
provider: "{{ provider }}"
active: yes
handlers:
- name: Save the running configuration to disk
bigip_config:
save: yes
provider: "{{ provider }}"