Possible to export/import ASM policies via a script?
Is it possible to possible to export ASM policies from one F5 and then import the ASM policies into another F5 via a script? I'd like to export the ASM policies from our prod F5 and then import them into our DR F5 in bulk via a script instead of exporting/importing one by one. Thx
iControlREST and Curl to save and download ASM policies
Hi, I want to be able to save/export asm policies on the F5 and then download. I want to do this using iControlREST and curl. I am able to save UCS files with the post shown below: curl -v -sk -u admin:admin https://myF5/mgmt/tm/sys/ucs -H 'Content-Type: application/json' -X POST -d '{"command":"save","name":"blah.ucs"}' | jq However if I try to do something similar for asm I get errors. Below is what I was trying with asm. curl -v -sk -u admin:admin https://myF5/mgmt/tm/asm/policies/fn9GoMrandomGvoN2dD -H 'Content-Type: application/json' -X POST -d '{"command":"save","name":"as_test.xml"}' | jq The error I get is: { "code": 400, "message": "Could not parse/validate the Policy 'Security Policy /Common/as_test'. Unknown field 'command'", "originalRequestBody": "{\"command\":\"save\",\"name\":\"as_test.xml\"", "referer": "x.x.x.x", "restOperationId": 59083, "kind": ":resterrorresponse" } Thank you
Export GTM/DNS Virtual Servers Configuration in CSV - tmsh cli script
Problem this snippet solves: This is a simple cli script used to collect all the virtual-servers name, its destination created in a server or ltm server. A sample output would be like below, How to use this snippet: This is similar to my other share - https://devcentral.f5.com/s/articles/Export-GTM-DNS-Configuration-in-CSV-tmsh-cli-script Login to the GTM/DNS, create your script by running the below commands and paste the code provided in snippet, tmsh create cli script gtm-vs Delete the proc blocks, so it looks something like below, create script gtm-vs { ## PASTE THE CODE HERE ## } and paste the code provided in the snippet. Note: When you paste it, the indentation may be realigned, it shouldn't cause any errors, but the list output would show improperly aligned. Feel free to delete the tab spaces in the code snippet & paste it while creating, so indentation is aligned properly. And you can run the script like below, tmsh run cli script gtm-vs > /var/tmp/gtm-vs-output.csv And get the output from the saved file, open it on excel. Format it & use it for audit & reporting. cat /var/tmp/gtm-vs-output.csv Feel free to add more elements as per your requirements. Code : proc script::run {} { puts "Server,Virtual-Server,Destination" foreach { obj } [tmsh::get_config gtm server] { set server [tmsh::get_name $obj] foreach { vss } [tmsh::get_config gtm server $server virtual-servers] { set vs_set [tmsh::get_field_value $vss virtual-servers] foreach vs $vs_set { set vs_name [tmsh::get_name $vs] puts $server,$vs_name,[tmsh::get_field_value $vs destination] } } } } Tested this on version: 13.1
Export SAML Metadata
Working on setting up APM (11.4.1) as a SAML service provider to an External IdP. Got the External IdP connector setup fine. Got the Local SP Service setup and bound to External IdP. In trying to Export the Metadata for the Local Service Provider in APM, I hit the Export Metadata option, and regardless if I Sign Metadata or not when I hit the Download button, I get nothing. No file download prompt in the browser or notice as to where the XML file may have been placed. How do I actually export the SP metadata so I can setup the F5 Relying Party in the IdP? The manual simply says "APM downloads an XML file". OK what does that mean? Thanks
Exporting a full list of Attack Sigantures
Hi. I am looking to export a full list of the current signatures I have in blocking mode. If possible, I would like to separate these lists in to their signature sets. If I navigate to "Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets" then I can view the different signature set types. Let's take the High Accuracy Signatures for instance. If I click on those, I get a list of signatures that are a part of that set, but I cannot copy and paste them. I have people asking me for a list of these signatures so I am hoping there is an easy way to extract these. They want to be able to share it within their team to show what the WAF is doing for them, and what it is blocking so they can test it out for themselves. Is it a possibility that a file exists in the console that I can pull down through WinSCP that has a list of these? Similarly if I go to "Security ›› Application Security : Attack Signatures" I would like to be able to export the full list of 2857 signatures I have for this policy. Thanks.Exporting a DDoS Profile
Hi, I have a DDoS profile in my Test environment which I want to export so I can import it into our Production Environment. Is this possible? Recreating the DDoS profile in production is simple enough however we have a third party manage our Production Systems so it would be easier to have them import my policy. Thank you in advance as always. Regards
Script to export list of Virtual Servers attached with HTTP profiles
Hi, I'm been asked to update all the virtual servers having http profile with logging iRule. Now, in my environment I have thousands of virtuals servers in each BIG IP of APAC/ EMEA / US and therefore it would be laborious process to extract all this information and attach iRule to them. I'm looking for some script (to find virtual servers having http profile) that I can run on LTM which could be exported into excel so as to send that details to CAB meeting in our system and also it would be easy for me to delegate some of the work and to perform check and balance. It would be great if anyone can help me in this. Thanks, Sai
