Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP
We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it. Has anyone dealt with this and has a solution to do it via Script, CLI or API? Thank you.
20 Views, 0 likes, 1 Comment

How to generate ASM report from a pre-defined filter using TMSH
Is there a way to generate a report using a pre-defined report (filter) using CLI (TMSH)? Though I should be able to generate the same report by typing down the filter for the report in TMSH but TMSH does not understand the Drilldown for Security Policy for some reason. For instance, when I try to run the following command it is not able to identify the Policy:

    save analytics application-security report view-by attack-type measures { occurrences } drilldown {{ entity policy values { My_Security_Policy_Name } } } format pdf file foo.pdf range now-3w

The error I get for above is:

    Data Input Error: Invalid entity value My_Security_Policy_Name

This is strange because I am able to see and set Security Policies in the filter in GUI. I am using Big-IP 12.1.0.187Views0likes0Comments

iStats v13 command help
Hi, Here is help displayed by cli istats command:

    Usage: istats [-s ] []
    is one of: 'set' 'incr' 'get' 'remove' 'dump' 'drop_row' 'drop_column' 'clear_row'
    is a single quoted argument: "keyspace ... " (like "ltm.pool /Common/mypool counter mystat")
    is one of: 'counter' 'gauge' 'string' 'text' 'signed' 'unsigned' 'bin' 'dec' 'hex' 'timestamp' 'timeval' 'uinthex'
    must be specified for 'set' and 'incr', and must be an integer for 'incr'
    The for a gauge may be negative. Use 2 dashes before the negative value (like 'incr "... gauge ..." -- -1')

I wonder if there is any info how to use operations like drop_row, drop_column, clear_row.
What is [-s ] description?
"keyspace ... " - what is keyspace and column? If possible some example of key using all above elements and multiple columns.
Is there any description what can be stored in types: 'text' 'signed' 'unsigned' 'bin' 'dec' 'hex' 'timestamp' 'timeval' 'uinthex'? And how those behave in relation to value used. What is difference between timestamp and timeval? I had impression that those can be set without using value (like automatically place current time at the moment key is created in value) but it seems not to be the case.
Piotr
724 Views, 0 likes, 4 Comments

Upgrade Verification - CLI tips and tricks
I mentioned recently in a conversation that I used to use the CLI to generate a snapshot of the bigip run state for pre/post comparison after an upgrade. By accident, I ran across these scripts today so here they are for your enjoyment. They are circa big-ip v12 so update as needed, feel free to post updated versions in the reply and I will tick them as the answer even.

Pre-Change (Now supports partitions)

    # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.pre
    # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.pre

Post Change

    # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.post
    # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.post

Comparison

    # diff bigip-virtual-state.pre bigip-virtual-state.post
    # diff bigip-pool-state.pre bigip-pool-state.post

579 Views, 2 likes, 1 Comment

TMSH CLI to modify objects with keyword variables in them
I am curious if there was a way to modify VIPs w/o specifically defining them within the command .. for example:

    modify ltm virtual Test-Donkey-HTTPS profiles delete { tcp-600 } profiles add { tcp }
    modify ltm virtual Prod-Donkey-HTTPS profiles delete { tcp-600 } profiles add { tcp }
    modify ltm virtual Stage-Donkey-HTTPS profiles delete { tcp-600 } profiles add { tcp }

So above, I would like to replace all "Donkey" VIPs in one shot to adjust their profiles. Thank you!
489 Views, 0 likes, 1 Comment

Pool Member Nodes: Different Partitions, Same IP Address
In summary, I have created multiple partitions. I'm attempting to perform a merge configuration. I get an error stating that I cannot use the same IP address for two separate nodes that reside in different partitions. Is this by design? I'm performing a migration from A10. Can F5 have nodes in different partitions with the same IP address? Here is my error via the CLI:

    0107003a:3: Pool member node (/WEB/pcf-prod-gorouter1) and existing node (/APP/pcf-prod-gorouter1) cannot use the same IP Address (10.66.36.12).

As you can see by the names of the nodes, they reside in different partitions. Thanks in advance for the assistance.
Solved. 2K Views, 1 like, 3 Comments

Using Single Configuration File to Configure F5
I'm using the "tmsh load /sys config merge" CLI command to configure an F5 device. This command works great. However, for example, when it comes to configuring an LTM virtual server, by default, it creates a "Performance (Layer 4)" type of virtual server. I'd like for my SCF to configure a virtual server of type "Standard", however, I cannot find the property that will allow me to do this with an SCF. Is this possible? Does anyone know how I can accomplish this task? I'm performing a huge migration from A10 to F5 so any help would be greatly appreciated. Thanks in advance.
Solved. 564 Views, 0 likes, 3 Comments

tacacs not working for CLI access only on active unit
We are facing an issue where tacacs users are not able to log in to the CLI (ssh) of the Active F5. GUI login is working fine for TACACS users on the active F5. The SSH session via putty prompts for credentials, but the putty window disappears as soon as he enters the credentials. TACACS users are able to log in to gui and cli perfectly fine on the standby box.

Checks performed:
The route for the tacacs server is through the management ip and reachable (gui is working for active).
There are no failure logs in /var/log/secure|audit.
Configuration for the role group for tacacs on F5 is allowed for tmsh and is having administrator access.

    sshd[14095]: pam_bigip_authz: authenticated user XXXXX with role 0 (Administrator) in partition [All].

When I accessed ssh through the root account, I was able to log in, but a weird exception (below) was given when I tried accessing the tmsh utility by running the 'tmsh' command from the bash utility.

    Exception: (can't open command history file (/root/.tmsh-history-root), Read-only file system (framework/CmdHistoryFile.cpp, line 90), exiting…

448 Views, 0 likes, 0 Comments

AAA for Big-IQ CLI/TMSH Login
Hi, I have tried to use an AAA server for authentication and authorization of Big-IQ web GUI login. I configured it on the Big-IQ web GUI and found out that it doesn't work to authenticate users who log in to TMSH/CLI. Is there a separate configuration to authenticate users through the AAA server for CLI/tmsh? Thank you
778 Views, 0 likes, 1 Comment