14-May-2021 08:48
Being old-school, I've appreciated F5's option of allowing (LTM) configuration using either CLI (BPSH, TMSH) or GUI (Configuration Utility/TMUI). However, now, familiarising myself with ASM, K82512024: Managing BIG-IP ASM Live Updates (14.1.x and later) I'm not seeing TMSH equivalent of setting 'Real Time', 'Scheduled' for 'Installation of Automatically Downloaded Updates' setting. Is it there?
Is F5 becoming less committed about CLI parity or is this ASM-specific limitation?
03-Sep-2021 00:14
There is a KB article for managing the update schedule by tmsh:
K94125220: Managing BIG-IP ASM attack signatures installation schedule using tmsh
It has a publishing date of June 03, 2021. So it was published roughly a month after you posted your question.
I agree that sometimes it's a bit cumbersome to find tmsh or CLI commands for managing AdvWAF. Doesn't mean the commands are not there - just harder to find.
03-Sep-2021 00:48
Thank you - I wouldn’t have guessed under “mgmt” module.
Regarding second question, “Is F5 becoming less committed about CLI parity or is this ASM-specific limitation?” - is there parity between TMSH and TMUI?
03-Sep-2021 02:10
Difficult to answer. There are a couple of AdvWAF tasks I would only know how to do them via tmsh or bash. Specifically tasks related to troubleshooting and maintenance.
There are other tasks I would only know how to do them via TMUI.
I think it is not about commitment to CLI. It is about AdvWAF being a different module than LTM and therefore the CLI is also different.