Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

Applying Auto ASM Policy via TMSH


What I am trying to do is

  • enable ASM profile
  • add an ASM policy which is configured for Autopolicy

When done through the GUI it looks like this is the config. This is what I am trying to achieve on a large scale through tcl.

   policies {
   { }
        profiles {
            ASM_someprofile-WAF { }

How do I get the the system to "auto-generate" the policy component of ""?

Doing this

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF}`

results in an error that the policy does not match the asm-controlling policiy. I think it needs to be

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF} policies add {INSERT DYNAMIC POLICY NAME?}`

But how do I get it to generate that dynamic policy? On the ASM its use autogenerate.

Here is what happens when I try the above

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF} policies add {asm_auto_l7_policy__dumb2_443}`

01070734:3: Configuration error: The bot-defense-asm profile /Common/ASM_someprofile-WAF was added to virtual server /network-test/dumb2_443 but it does not match the asm-controlling policy. The bot-defense-asm profile is added to the virtual server automatically.

Nothing actually changes though.


So I have figured out I need to create the LTM policy first, through TMS this has been troublesome, if anyone can help me with the nested syntax, it has gotten very nested and just looking for a little help. This is the end result I am aiming for:

ltm policy {
    controls { asm }
    requires { http }
    rules {
        default {
            actions {
                1 {
                    policy /Common/WAF
            ordinal 1
    status legacy
    strategy first-match

This is what I got but tripping up on the nested for rules subset

create ltm policy test1 controls add {asm} requires add {http} rules add {defualt {ordinal 1{} actions add{1{policy /Common/WAF}}}}


Anyone had luck with this?


Old thread, but I just had this same problem, and this works on 13.1.3. Think you just need to add the "asm enable" before your final policy statement

create /ltm policy '/Common/Drafts/asm_auto_l7_policy__MY-VIRTUAL' controls add { asm } requires add {http} rules add { default { ordinal 1 actions add { 1 { asm enable policy /Common/MY-WAF-POLICY } } } }

I get error '01020036:3: The requested policy action (/Common/asm_auto_l7_policy__MY-VIRTUAL) was not found.' on Version Is there an updated command for this? Thanks!

Hello Jeff,


tmsh command should look next: "create ltm policy name_of_ltm_policy controls add { asm } rules add { default { actions add { 1 {asm enable policy name_of_asm_policy } } } } strategy first-match legacy"