Forum Discussion

richard_polyak's avatar
richard_polyak
Icon for Altocumulus rankAltocumulus
Apr 21, 2022

BIG-IQ AS3 declaration with TLS_Server defaulting parent profile.

Good Afternoon -

I have deployed BIG-IQ for a central system to provide guidelines for our automation teams to following via the AS3 templates.

Our migration aspect is going from a imperative to declaritive module, and I am running into some stumbling blocks. Today we default all of our profiles from our custom profiles, so defining to use our default TCP, Persistence & others works fine with the exception of the SSL profiles.

Is there a way to tell the AS3 declaration to default from our custom SSL profile in stead of having to define this individually for every new app we deploy?

There are multiple reasons we defuault from our custom profiles that default from F5's default profile.

If we need to make a global change, I only need to modify our custom profile and not every applicaiton. Also it helps with the configuration getting bloated by re-defining all the same settings in every profile.

So how can I update the AS3 template in BIG-IQ to default to my custom ssl profile instead of defaulting from F5's?

"prof_sslc_xxxx.xxxx.com": {
"certificates": [
{
"certificate": "/Common/Shared/xxxx.xxxx.com"
}
],
"class": "TLS_Server",
"tls1_0Enabled": true,
"tls1_1Enabled": true,
"tls1_2Enabled": true,
"tls1_3Enabled": false,
"singleUseDhEnabled": false,
"insertEmptyFragmentsEnabled": true
},

Thx

Rich

No RepliesBe the first to reply