LTM v13: Certificate Archive does not work
Hi all, Anyone who got this to work? https://support.f5.com/csp/article/K146208 I have v13.1.0.2 and try to export certificates as a *.tgz but I get the following error: Key management library returned bad status: -99, Internal Error; connection not set and no session from which to get it So it is not possible to export the certs anymore 😞 Any hints are welcome! Thanks, Peter
Export VIP, Cert CN and Cert expiration date
Hi all, Client has requested the following information; VIP NAME, VIP IP, Cert CN + Cert Duration. I have a script that exports VIP and Pool, was hoping to collate all the information into this if possible. virtuallist=$(tmsh list ltm virtual | grep virtual | cut -d' ' -f3 | tr "\n" " " ); for v in $virtuallist ; do DEST=""; POOL=""; MEMB=""; DEST=$(tmsh list ltm virtual $v | grep destination | cut -d' ' -f6) POOL=$(tmsh list ltm virtual $v | grep pool | cut -d' ' -f6) MEMB=$(tmsh list ltm pool $POOL | egrep 'address '| sed '$!N;s/\n/ /') if [ "$POOL" != "" ]; then echo ""; echo " Virtual: $v - $DEST"; echo " Pool: $POOL"; echo "$MEMB"; else echo ""; echo "!! Virtual $v $DEST has no pool assigned"; echo ""; fi done :wq Cert expiry can be listed from - tmsh list sys file ssl-cert expiration-string Have noticed CN can be pulled using regex - regexp {CN=([^,]+)} [mcget {session.ssl.cert.subject} ] CNFull CNValue; return $CNValue Would there be a way to compilate this all into one script? I am very new to F5 and scripting, any help would be appreciated.iControlREST and Curl to save and download ASM policies
Hi, I want to be able to save/export asm policies on the F5 and then download. I want to do this using iControlREST and curl. I am able to save UCS files with the post shown below: curl -v -sk -u admin:admin https://myF5/mgmt/tm/sys/ucs -H 'Content-Type: application/json' -X POST -d '{"command":"save","name":"blah.ucs"}' | jq However if I try to do something similar for asm I get errors. Below is what I was trying with asm. curl -v -sk -u admin:admin https://myF5/mgmt/tm/asm/policies/fn9GoMrandomGvoN2dD -H 'Content-Type: application/json' -X POST -d '{"command":"save","name":"as_test.xml"}' | jq The error I get is: { "code": 400, "message": "Could not parse/validate the Policy 'Security Policy /Common/as_test'. Unknown field 'command'", "originalRequestBody": "{\"command\":\"save\",\"name\":\"as_test.xml\"", "referer": "x.x.x.x", "restOperationId": 59083, "kind": ":resterrorresponse" } Thank youExport GTM/DNS Virtual Servers Configuration in CSV - tmsh cli script
Problem this snippet solves: This is a simple cli script used to collect all the virtual-servers name, its destination created in a server or ltm server. A sample output would be like below, How to use this snippet: This is similar to my other share - https://devcentral.f5.com/s/articles/Export-GTM-DNS-Configuration-in-CSV-tmsh-cli-script Login to the GTM/DNS, create your script by running the below commands and paste the code provided in snippet, tmsh create cli script gtm-vs Delete the proc blocks, so it looks something like below, create script gtm-vs { ## PASTE THE CODE HERE ## } and paste the code provided in the snippet. Note: When you paste it, the indentation may be realigned, it shouldn't cause any errors, but the list output would show improperly aligned. Feel free to delete the tab spaces in the code snippet & paste it while creating, so indentation is aligned properly. And you can run the script like below, tmsh run cli script gtm-vs > /var/tmp/gtm-vs-output.csv And get the output from the saved file, open it on excel. Format it & use it for audit & reporting. cat /var/tmp/gtm-vs-output.csv Feel free to add more elements as per your requirements. Code : proc script::run {} { puts "Server,Virtual-Server,Destination" foreach { obj } [tmsh::get_config gtm server] { set server [tmsh::get_name $obj] foreach { vss } [tmsh::get_config gtm server $server virtual-servers] { set vs_set [tmsh::get_field_value $vss virtual-servers] foreach vs $vs_set { set vs_name [tmsh::get_name $vs] puts $server,$vs_name,[tmsh::get_field_value $vs destination] } } } } Tested this on version: 13.1
Possible to export/import ASM policies via a script?
Is it possible to possible to export ASM policies from one F5 and then import the ASM policies into another F5 via a script? I'd like to export the ASM policies from our prod F5 and then import them into our DR F5 in bulk via a script instead of exporting/importing one by one. Thx
Cannot deploy or export SSL keys from Big IQ
We have not been able to deploy any configurations from Big IQ (V 5.3) to existing LTM (12.1.2) Virtual Servers if they are not natively created on Big IQ. However, we were hopeful that we could manage SSL certificates from Big IQ. So we created keys, CSR's and imported the associated certificates successfully on the Big IQ natively. The hope was we could deploy them to each LTM that required them. There should be no object conflict since these are net new objects being introduced to the LTM. We tried deploying as a partial with just the key to a single LTM. The Big IQ stated the evaluation and deployment was successful but this was in error as the LTM had no such object. This was not unexpected as we have not been successful with others. What was unexpected is the inability to export the private keys so we may import them on the LTM's. I have not been able to identify what directory these keys may be in or find any information on this subject. Any help useful!Exporting a full list of Attack Sigantures
Hi. I am looking to export a full list of the current signatures I have in blocking mode. If possible, I would like to separate these lists in to their signature sets. If I navigate to "Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets" then I can view the different signature set types. Let's take the High Accuracy Signatures for instance. If I click on those, I get a list of signatures that are a part of that set, but I cannot copy and paste them. I have people asking me for a list of these signatures so I am hoping there is an easy way to extract these. They want to be able to share it within their team to show what the WAF is doing for them, and what it is blocking so they can test it out for themselves. Is it a possibility that a file exists in the console that I can pull down through WinSCP that has a list of these? Similarly if I go to "Security ›› Application Security : Attack Signatures" I would like to be able to export the full list of 2857 signatures I have for this policy. Thanks.Exporting a DDoS Profile
Hi, I have a DDoS profile in my Test environment which I want to export so I can import it into our Production Environment. Is this possible? Recreating the DDoS profile in production is simple enough however we have a third party manage our Production Systems so it would be easier to have them import my policy. Thank you in advance as always. Regards
