export
14 TopicsPossible to export/import ASM policies via a script?
Is it possible to possible to export ASM policies from one F5 and then import the ASM policies into another F5 via a script? I'd like to export the ASM policies from our prod F5 and then import them into our DR F5 in bulk via a script instead of exporting/importing one by one. Thx2KViews0likes10CommentsiControlREST and Curl to save and download ASM policies
Hi, I want to be able to save/export asm policies on the F5 and then download. I want to do this using iControlREST and curl. I am able to save UCS files with the post shown below: curl -v -sk -u admin:admin https://myF5/mgmt/tm/sys/ucs -H 'Content-Type: application/json' -X POST -d '{"command":"save","name":"blah.ucs"}' | jq However if I try to do something similar for asm I get errors. Below is what I was trying with asm. curl -v -sk -u admin:admin https://myF5/mgmt/tm/asm/policies/fn9GoMrandomGvoN2dD -H 'Content-Type: application/json' -X POST -d '{"command":"save","name":"as_test.xml"}' | jq The error I get is: { "code": 400, "message": "Could not parse/validate the Policy 'Security Policy /Common/as_test'. Unknown field 'command'", "originalRequestBody": "{\"command\":\"save\",\"name\":\"as_test.xml\"", "referer": "x.x.x.x", "restOperationId": 59083, "kind": ":resterrorresponse" } Thank you1.7KViews0likes5CommentsExport AFM firewall rules using Icontrol
Hi All, I am trying to export the complete firewall rule list using RestAPI in version 12.1.3 but I get the following response: command used: $select=rulesReference&expandSubcollections=true ver=12.1.3.1","isSubcollection":true}}]}'expandSubcollections' is not recognized as an internal or external command It seems the expandsubcollections command is not being recognized at all. Complete response is: {"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://localhost/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=12.1.3.1","items":[{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=12.1.3.1","isSubcollection":true}},{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=12.1.3.1","isSubcollection":true}},{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=12.1.3.1","isSubcollection":true}}]}'expandSubcollections' is not recognized as an internal or external command, operable program or batch file.Solved783Views0likes7CommentsExport SAML Metadata
Working on setting up APM (11.4.1) as a SAML service provider to an External IdP. Got the External IdP connector setup fine. Got the Local SP Service setup and bound to External IdP. In trying to Export the Metadata for the Local Service Provider in APM, I hit the Export Metadata option, and regardless if I Sign Metadata or not when I hit the Download button, I get nothing. No file download prompt in the browser or notice as to where the XML file may have been placed. How do I actually export the SP metadata so I can setup the F5 Relying Party in the IdP? The manual simply says "APM downloads an XML file". OK what does that mean? Thanks738Views0likes5CommentsExporting a full list of Attack Sigantures
Hi. I am looking to export a full list of the current signatures I have in blocking mode. If possible, I would like to separate these lists in to their signature sets. If I navigate to "Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets" then I can view the different signature set types. Let's take the High Accuracy Signatures for instance. If I click on those, I get a list of signatures that are a part of that set, but I cannot copy and paste them. I have people asking me for a list of these signatures so I am hoping there is an easy way to extract these. They want to be able to share it within their team to show what the WAF is doing for them, and what it is blocking so they can test it out for themselves. Is it a possibility that a file exists in the console that I can pull down through WinSCP that has a list of these? Similarly if I go to "Security ›› Application Security : Attack Signatures" I would like to be able to export the full list of 2857 signatures I have for this policy. Thanks.619Views0likes2CommentsExporting a DDoS Profile
Hi, I have a DDoS profile in my Test environment which I want to export so I can import it into our Production Environment. Is this possible? Recreating the DDoS profile in production is simple enough however we have a third party manage our Production Systems so it would be easier to have them import my policy. Thank you in advance as always. Regards599Views0likes1CommentExport GTM Configuration to Text File
Hello all, Trying to go through our GTM Wide IPs and confirm whether or not the " Verify Virtual Server Availability" check box is selected. I figured I could export the config via SCF and then search but it only shows the high level system items in the SCF file and not the GTM configurations. Is there a way to do this? Thanks, BrianSolved540Views0likes2CommentsScript to export list of Virtual Servers attached with HTTP profiles
Hi, I'm been asked to update all the virtual servers having http profile with logging iRule. Now, in my environment I have thousands of virtuals servers in each BIG IP of APAC/ EMEA / US and therefore it would be laborious process to extract all this information and attach iRule to them. I'm looking for some script (to find virtual servers having http profile) that I can run on LTM which could be exported into excel so as to send that details to CAB meeting in our system and also it would be easy for me to delegate some of the work and to perform check and balance. It would be great if anyone can help me in this. Thanks, Sai499Views0likes3CommentsExporting resources from a Firepass 7.0
Hello, We are currently migrating from a Firepass 7.0 to a BIG-IP APM 11.6. All is going pretty well, the machine itself isn't that difficult to understand (for the things we do with it, which is just SSL-VPN at the moment). Testing RDP etc. is going well enough that I now want to have the whole configuration of the Firepass present on the APM. There is no export/import method because of the completely different way the APM does things, I get that. But what I would like to do is basically create a shell script and run everything through TMSH and make life a lot easier. What isn't easy at the moment though is that I have to somehow get all the RDP entries out of the Firepass so I can use them in my script. Is there any way of making this (a lot) easier? The XML export isn't really helpful. I would like to have some kind of output as "Type/Name/Host/Port/Settings etc" of all my RDP entries. If I only had like 10-20 entries, I'd enter them manually into my script. But seeing as we have around 150 of them I really rather not do that manually. Any help would be greatly appreciated. This is the only hurdle for us to take to bring the APM into full operation really :) With kind regards, DavidSolved447Views0likes2CommentsLTM v13: Certificate Archive does not work
Hi all, Anyone who got this to work? https://support.f5.com/csp/article/K146208 I have v13.1.0.2 and try to export certificates as a *.tgz but I get the following error: Key management library returned bad status: -99, Internal Error; connection not set and no session from which to get it So it is not possible to export the certs anymore 😞 Any hints are welcome! Thanks, Peter447Views0likes5Comments