
WAF profile replicate

yadgayan
Cirrus

Hi All,

When we have a DR setup and WAF enabled at the active site, how do we keep an identical learned copy of the WAF profile on both sides?

Usually the primary site's WAF profile matures over time, but how do we keep the same mature profile at the DR site as well?

Thanks 

Gayan

5 REPLIES

Hi Gayan,

This article might help you out: Syncing ASM WAF Policies Between F5 BIG-IP's in Di... - DevCentral

Have fun,

     --Niels

Also, Terraform can be a nice way to go outside of what @Niels_van_Sluis mentioned, as it can even take into account the Policy Builder suggestions:

 

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Intro)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 1 - Policy Creation)

Scenario #5: Manage an F5 BIG-IP Advanced WAF Policy with Policy Builder on a single device

 

Other than that you can create the policy on BIG-IQ and distribute it to the F5 devices you want:

 

Deploying a web application firewall policy with c... - DevCentral (f5.com)

 

 

yadgayan
Cirrus

Thanks a lot to both @Nikoolayy1  and @Niels_van_Sluis

@Niels_van_Sluis can we implement CI/CD and continuously develop based on suggestions? 

Not sure if your question about CI/CD is for me, but I think the articles that @Nikoolayy1 mentioned about Terraform come close on how to implement CI/CD. 

If you want CI/CD, use Terraform or AS3 declarative WAF (you can again use Ansible or Terraform to push AS3) and host the WAF config in GitHub. If you also want to handle learnings with Policy Builder, then Terraform is better, or you can just make your own automation by using the API to export them.

Displaying BIG-IP ASM learning suggestions using the iControl REST API (f5.com)

Exercise 3.3 - Deploying a WAF policy through AS3 (f5.com)

 

    "new_asm_policy": {
      "class": "WAF_Policy",
      "url": "https://raw.githubusercontent.com/f5devcentral/FAS-ansible-workshop-101/master/3.3-as3-asm/Test_WAF_Policy.xml",
      "ignoreChanges": true
    }
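
A drift check for the AS3 approach discussed in this thread, added here as an example (not code from any poster or from F5): it walks a primary and a DR declaration, compares every `WAF_Policy` object, and flags a policy `url` that follows a branch such as `master` instead of a commit. The tenant and application names, the function names and the raw.githubusercontent.com path heuristic are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample declaration (not from a real device). The policy object
# mirrors the fragment in the post; tenant and application names are made up.
def sample_declaration(policy_url, ignore_changes=True):
    return {
        "class": "ADC", "schemaVersion": "3.0.0",
        "Tenant1": {
            "class": "Tenant",
            "App1": {
                "class": "Application",
                "new_asm_policy": {"class": "WAF_Policy", "url": policy_url,
                                   "ignoreChanges": ignore_changes},
            },
        },
    }

def waf_policies(node, path=""):
    """Yield (path, object) for every WAF_Policy found in a declaration."""
    if isinstance(node, dict):
        if node.get("class") == "WAF_Policy":
            yield path, node
        for key, child in node.items():
            yield from waf_policies(child, f"{path}/{key}")

def pinned(url):
    """Assumed heuristic: /owner/repo/<ref>/... is pinned if ref is a 40-hex commit."""
    parts = urlparse(url).path.split("/")  # ['', owner, repo, ref, ...]
    return len(parts) > 3 and re.fullmatch(r"[0-9a-f]{40}", parts[3]) is not None

def drift_report(primary, dr):
    """Return a list of findings; an empty list means both sites agree."""
    a, b = dict(waf_policies(primary)), dict(waf_policies(dr))
    findings = []
    for path in sorted(a.keys() | b.keys()):
        pa, pb = a.get(path), b.get(path)
        if pa is None or pb is None:
            findings.append(f"{path}: missing on {'primary' if pa is None else 'DR'}")
            continue
        for field in ("url", "ignoreChanges"):
            if pa.get(field) != pb.get(field):
                findings.append(f"{path}: {field} differs")
        if "url" in pa and not pinned(pa["url"]):
            findings.append(f"{path}: url follows a branch, not a commit")
    return findings

if __name__ == "__main__":
    url = "https://raw.githubusercontent.com/f5devcentral/FAS-ansible-workshop-101/master/3.3-as3-asm/Test_WAF_Policy.xml"
    print(drift_report(sample_declaration(url), sample_declaration(url, False)))
```

Run in the pipeline before each push, a non-empty report means the two sites would not load the same policy source.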