For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

AS3

59 Topics

Terraform AS3 code for GTM Only.
Hello All, I am really really suffering here :( Have been looking for GTM ONLY code in AS3 form, need a simple code hardcoded values will also work. I have seen documentation and couldn't see exact use case. We are doing POC for where VMs are direct;y added to GTM and NO LTM component are there. I can't post my LTM + GTM code as its in office. Would really appreciate any help and guidance here. Any simple code work snippet using only AS3 please.
RavinderSingh13
Nov 20, 2025 Place Technical Forum
164Views
0likes
8Comments
WAF Policy upload using AS3
I am using per-app declaration to upload multiple WAF policies in an app. when I post the declaration using POST command, i only get 202 accepted, and in the backend, the F5 uploads the ASM policies. How can I get to know iff all the policies are uploaded successfully or if any have failed? Is there any command or rest api? POST : https:/<f5ip>/mgmt/shared/appsvcs/declare/Demo/applications { "id": "per-app-declaration", "schemaVersion": "3.54.2", "controls": { "class": "Controls", "logLevel": "debug", "trace": true }, "WMS_ASM": { "class": "Application", "template": "generic", "wms_Dispatcher_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_Dispatcher_asm_file.xml" }, "wms_MessageStoreAPI_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_MessageStoreAPI_asm_file.xml" }, "wms_abdg_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_abdg_asm_file.xml" }, "wms_auth_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_auth_asm_file.xml" }, "wms_carrier-info_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_carrier-info_asm_file.xml" }, "wms_cas_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_cas_asm_file.xml" }, "wms_csdui_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_csdui_asm_file.xml" }, "wms_csrkodiak_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_csrkodiak_asm_file.xml" }, "wms_getContactAddlInfo_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_getContactAddlInfo_asm_file.xml" }, "wms_keymanagement_asm_v174": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_keymanagement_asm_file.xml" }, "wms_kodiakidsprov_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_kodiakidsprov_asm_file.xml" }, "wms_lcms_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_lcms_asm_file.xml" }, "wms_mcsxcap_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_mcsxcap_asm_file.xml" }, "wms_mobileapi_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_mobileapi_asm_file.xml" }, "wms_ngcat_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_ngcat_asm_file.xml" }, "wms_oidcxcap_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_oidcxcap_asm_file.xml" }, "wms_tpams_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_tpams_asm_file.xml" }, "wms_wcsr_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_wcsr_asm_file.xml" }, "wms_webdispatcher_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_webdispatcher_asm_file.xml" } } }
idcf5
Sep 29, 2025 Place Technical Forum
76Views
0likes
2Comments
AS3 Storage
I declared 2 WAF polices using AS3, now I deleted one using the tmsh command. In the bigip.conf I can see only 1 WAF policy, but while I do a GET api call for that App, I am still getting 2 WAF policies. It is persistent on reboots. Where does F5 store the AS3 declaration? From where am I getting both the WAF policies (from where f5 is returning the original as3 declaration?) in Rest api : https:///mgmt/shared/appsvcs/declare/Dummy/applications/SYNCGW_Common "wms_egls_asm_v174": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_egls_asm_file.xml", "ignoreChanges": true }, "wms_egls_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_egls_asm_file.xml", "ignoreChanges": true } In Bigip.conf: asm policy /Dummy/SYNCGW_Common/wms_egls_asm_v174 { active encoding utf-8 }
Tausif
Sep 11, 2025 Place Technical Forum
69Views
1like
3Comments
Universal Persistence w. AS3 vs. SCF - the same but not the same
Hi community, I have an odd issue. When I create the following config manually or with SCF the Universal Persistence works. I get records in the persistence table. root@(ltm-apm)(cfg-sync Standalone)(Active)(/Common)(tmos)# show ltm persistence persist-records Sys::Persistent Connections universal 12345abcde 10.100.155.182:80 10.100.153.127:80 (tmm: 1) universal 12345abcde 10.100.155.182:80 10.100.153.127:80 (tmm: 0) This is the config as SCF (at least the relevant parts of it): ltm virtual vs_persistence_test { destination 10.100.155.182:http ip-protocol tcp mask 255.255.255.255 persist { uie_jsessionid { default yes } } pool pl_persistence_test profiles { f5-tcp-progressive { } http { } } serverssl-use-sni disabled source 0.0.0.0/0 source-address-translation { pool snat_pool_internal type snat } translate-address enabled translate-port enabled vs-index 57 } ltm persistence universal uie_jsessionid { app-service none defaults-from universal rule rule_uie_jsessionid timeout 300 } ltm rule rule_uie_jsessionid { when HTTP_RESPONSE { if { [HTTP::cookie exists "JSESSIONID"] } { persist add uie [HTTP::cookie "JSESSIONID"] } } when HTTP_REQUEST { if { [HTTP::cookie exists "JSESSIONID"] } { persist uie [HTTP::cookie "JSESSIONID"] } } } Do I deploy the same with AS3, it doesn't seem to work. I cannot see any persistence records. { "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/latest/as3-schema.json", "class": "AS3", "action": "deploy", "declaration": { "class": "ADC", "schemaVersion": "3.0.0", "remark": "Session persistency w JSESSIONID", "universal_persist_jsessionid": { "class":"Tenant", "App01": { "class": "Application", "service_http_80": { "persistenceMethods": [{ "use": "uie_jsessionid" } ], "pool": "pl_persistence_test", "translateServerAddress": true, "translateServerPort": true, "class": "Service_HTTP", "profileTCP": { "bigip": "/Common/f5-tcp-progressive" }, "profileHTTP": { "bigip": "/Common/http" }, "virtualAddresses": [ "10.100.155.182" ], "virtualPort": 80 }, "pl_persistence_test": { "members": [ { "servicePort": 80, "serverAddresses": [ "10.100.153.126", "10.100.153.127" ] } ], "monitors": [ { "bigip": "/Common/http" } ], "class": "Pool" }, "uie_jsessionid": { "duration": 300, "class": "Persist", "iRule": "persist_irule", "persistenceMethod": "universal" }, "persist_irule": { "class": "iRule", "iRule": { "base64": "d2hlbiBIVFRQX1JFU1BPTlNFIHsKICBpZiB7IFtIVFRQOjpjb29raWUgZXhpc3RzICJKU0VTU0lPTklEIl0gfSB7CiAgICBwZXJzaXN0IGFkZCB1aWUgW0hUVFA6OmNvb2tpZSAiSlNFU1NJT05JRCJdCiAgfQp9CndoZW4gSFRUUF9SRVFVRVNUIHsKICBpZiB7IFtIVFRQOjpjb29raWUgZXhpc3RzICJKU0VTU0lPTklEIl0gfSB7CiAgICBwZXJzaXN0IHVpZSBbSFRUUDo6Y29va2llICJKU0VTU0lPTklEIl0KICB9Cn0=" } } } } } } FYI, I decided to use base64 for the iRule in AS3. However, if I do a diff of the iRules in plaintext - they are the same. BIG-IP version: 17.1.2.1 Now my questions are. Am I missing something here? Did anybody come accross the same issue? Why is it not working? Thanks for your help Daniel
Solved
Daniel_Wolf
May 26, 2025 Place Technical Forum
140Views
0likes
5Comments
Horizon View iApp - Big-IP 17.5
I have a client deploying an r4650 pair. The plan is for it to handle Exchange, LDAPS & Horizon View. I’m in the process of initial setup on the pair of boxes now. It’s been a long time since I've deployed Horizon View on F5. I see that the iApp is still maintained so yay! Question: is the current 1.5.9 version of the iApp supported in Big-IP 17.5? The KB article states 17.1 but the article hasn’t been updated in a while. F5 recommends the latest version of 17.5 but I don't want to hit any snags as we deploy. Thanks in advance, Matt
cafnetmatt
May 23, 2025 Place Technical Forum
382Views
0likes
2Comments
AS3 Limitations
Below are some limitations of AS3 as means of Automation. config deployment is locked down by Automation, no manual intervention possible for below use cases - incidents - new requirements/features need to wait for automation to be updated - Automation failures cause deployment to be stalled until automation is fixed - Operational issues, maybe require out-of-band changes outside of AS3 - Source of truth must be reconciled periodically with F5 device to check for config drift - 2 layers of failures during config deployment one is Automation and second is source of truth, therefore involves more troubleshooting effort - Reliance on an External Source of Truth management, non-native to F5 and not supported by F5 - AS3 is Less mature compared to iControl Rest, iControl Rest was introduced in TMOS 11.x
Anesh
Mar 22, 2025 Place Technical Forum
218Views
2likes
3Comments
Declaration for loading Cert/PrivKey in Common
Dear F5 enthousiasts, I want to add a certificate and a private key to my F5 through a AS3 declaration under System > Certificate Management. The certificate must be placed under the /Common partition only, and no path is necessary. The declaration I created looks as follow: { "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json", "class": "AS3", "action": "deploy", "declaration": { "class": "ADC", "schemaVersion": "3.45.0", "id": "import-cert", "label": "Certificate Import", "Common": { "class": "Tenant", "myCertName": { "class": "Certificate", "certificate": { "base64": "<base64 encoded certificate>" }, "privateKey": { "base64": "<base64 encoded private key>" } } } } } But when I POST this declaration to my F5 server I get the following message back: { "code": 422, "errors": [ "/Common: should NOT have additional properties" ], "message": "declaration is invalid", "host": "localhost", "tenant": [ "Common:" ], "declarationId": "import-cert" } I tried to find answers but cloudn't find anything and I would appreciate help. Thanks in advance, Kr Xavier
Solved
Blowfish
Feb 14, 2025 Place Technical Forum
204Views
0likes
3Comments
Best Practice to Store AS3 State/Source of Truth ?
What is the best option to store AS3 state ? I have seen organisations using the below Terraform state files As repos on github/bitbuket NoSQL Databases S3 Storage on Amazon Which one of the above is scalable and best suited to store to AS3 state files ?
Anesh
Feb 03, 2025 Place Technical Forum
176Views
0likes
3Comments
Will iControl REST API be brought back in BIGIP NEXT ?
Will iControl REST API be brought back in BIGIP NEXT ?
Anesh
Jan 29, 2025 Place Technical Forum
57Views
0likes
0Comments
Unable to set 'Session Ticket' attribute in TLS_Server object using AS3
I am currently in the process of migrating our F5 config towards AS3. However, I am currently running into an issue while converting the 'Session Ticket' attribute of our clientssl profiles (TLS_Server in AS3) While the AS3 Schema reference allows to provide a sessionTickets attribute for TLS_CLIENT objects, there is no such option for TLS_Server objects that I am able to find. Does anybody know how to set this attribute for SERVER_TLS objects in AS3? Is it just not possible? Is there a different option I need to use with AS3? Thanks in advance
userTM
Jan 24, 2025 Place Technical Forum
42Views
0likes
0Comments