iControlSnapIn Problems
I'm at the end of my wits here, I've read through all the guides, followed each of them to a word, I've been through several uninstalls and restarts and I'm still nowhere near getting this snapin to work... Without further adieu, here's the complete list of errors I've been getting for the last several hours: Post install: Get-F5.LTMPool : The term 'Get-F5.LTMPool' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Get-F5.LTMPool + ~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Get-F5.LTMPool:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException I guess I'd better try to add the snap-in again: Add-PSSnapIn : Cannot load Windows PowerShell snap-in iControlSnapIn because of the following error: The Windows PowerShell snap-in module C:\Program Files (x86)\F5 Networks\iControlSnapIn\iControlSnapin.dll does not have the required Windows PowerShell snap-in strong name iControlSnapIn, Version=11.2.0.0, Culture=neutral, PublicKeyToken=null. At C:\dev\ARM-Tools\Code Snippets\Shane\F5Helper.psm1:9 char:5 + Add-PSSnapIn iControlSnapIn + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (iControlSnapIn:String) [Add-PSSnapin], PSSnapInException + FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand I resolved that by forcing a remove and then an add of the snap-in: Unregistering iControlSnapin.dll on platform '' Microsoft (R) .NET Framework Installation utility Version 2.0.50727.7905 Copyright (c) Microsoft Corporation. All rights reserved. Unregistering iControlSnapin.dll on platform '64' Microsoft (R) .NET Framework Installation utility Version 2.0.50727.7905 Copyright (c) Microsoft Corporation. All rights reserved. Registering iControlSnapin.dll on platform '' Microsoft (R) .NET Framework Installation utility Version 2.0.50727.7905 Copyright (c) Microsoft Corporation. All rights reserved. Registering iControlSnapin.dll on platform '64' Microsoft (R) .NET Framework Installation utility Version 2.0.50727.7905 Copyright (c) Microsoft Corporation. All rights reserved. Another attempt at using one of the cmdlets available through the snap-in: Initialize-F5.iControl : The term 'Initialize-F5.iControl' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Initialize-F5.iControl + ~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Initialize-F5.iControl:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException Maybe it didn't add the first 2 times, I should try it again: PS C:\program files (x86)\F5 Networks\iControlSnapin> Add-PSSnapIn iControlSnapIn Add-PSSnapIn : An item with the same key has already been added. At line:1 char:1 + Add-PSSnapIn iControlSnapIn + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Add-PSSnapin], ArgumentException + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.AddPSSnapinCommand Looks like it's already there, I'd better remove it because it's not working: PS C:\program files (x86)\F5 Networks\iControlSnapin> Remove-PSSnapIn iControlSnapIn Remove-PSSnapIn : No Windows PowerShell snap-ins matching the pattern 'iControlSnapIn' were found. Check the pattern and then try the command again. At line:1 char:1 + Remove-PSSnapIn iControlSnapIn + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (iControlSnapIn:String) [Remove-PSSnapin], PSArgumentException + FullyQualifiedErrorId : NoPSSnapInsFound,Microsoft.PowerShell.Commands.RemovePSSnapinCommand So I uninstall and reinstall and follow the guides again, just to get another failure message: Get-F5.LTMPool : The term 'Get-F5.LTMPool' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Get-F5.LTMPool + ~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Get-F5.LTMPool:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException I'm running Windows 8.1, 64-bit, PS v.4. Can anyone help me get this going?Solved1.2KViews0likes12CommentsExport AFM firewall rules using Icontrol
Hi All, I am trying to export the complete firewall rule list using RestAPI in version 12.1.3 but I get the following response: command used: $select=rulesReference&expandSubcollections=true ver=12.1.3.1","isSubcollection":true}}]}'expandSubcollections' is not recognized as an internal or external command It seems the expandsubcollections command is not being recognized at all. Complete response is: {"kind":"tm:security:firewall:policy:policycollectionstate","selfLink":"https://localhost/mgmt/tm/security/firewall/policy?$select=rulesReference&ver=12.1.3.1","items":[{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~DDCBU-Global/rules?ver=12.1.3.1","isSubcollection":true}},{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~DDCBU-management/rules?ver=12.1.3.1","isSubcollection":true}},{"rulesReference":{"link":"https://localhost/mgmt/tm/security/firewall/policy/~Common~self-protect/rules?ver=12.1.3.1","isSubcollection":true}}]}'expandSubcollections' is not recognized as an internal or external command, operable program or batch file.Solved783Views0likes7CommentsAdd or delete a parameter from multiple ASM policy or modify multiple ASM policy via API (iControlREST)
Problem this snippet solves: Sometimes it is necessary to add a parameter into multiple policy or all policies or to delete a parameter from multiple policies. If you have hundreds of asm polices and you try to do it via GUI, It takes long time and It is boring. For example, you have a new vulnerability scanner and you want to add all policies, or your contract with a security analysis company and you want to delete their IP address from all asm policies. If you have lots of policy, this gets big issue. How to use this snippet: I wrote a sample bash script, It adds an IP into the trusted IP list of multiple asm policy or deletes an IP from the trusted IP list of all asm policies. Firstly, you must choose which asm polices you want to change. Use this command to get list of the asm policies and write it into a file(asmPolicies.txt😞 curl -k -u <admin>:<password> -H "Content-Type: application/json" -X GET https://<F5 IP Address>/mgmt/tm/asm/policies?$select=id,name,fullPath | jq -r '.items[] | "\(.id) \(.name) \(.fullPath)"' > asmPolicies.txt This is the sample content of an asmPolicies.txt [root@f5 asmPolicies]# cat asmPolicies.txt x3yyOJTe3CvcWJDMqpnrgQ First /Common/First RqXf73h6qZY94EFGVDSlbg SecPolManual_First /Common/SecPolManual_First d928o8by0WBrWdW7oadMQg SecPol-Lab14 /Common/SecPol-Lab14 i4LnoF4GwMKRhTZ81RCeSQ SecPol-Lab14.2 /Common/SecPol-Lab14.2 kLoqhuDoa6bEeBjcrFo4VA SecPol-Lab15.1 /Common/SecPol-Lab15.1 DvE_fPp2tLUZvJi8cb8Rpg SecPol-Lab15.2 /Common/SecPol-Lab15.2 52dxLNxjExt6QRNvbg7fHA SecPol-Lab15.3 /Common/SecPol-Lab15.3 DcSvljkbLZQD19adkVdV3A SecPol-Lab16.2 /Common/SecPol-Lab16.2 rJ6Mt9sPxzgLu6WHyyifLg SecPol-Lab16.4 /Common/SecPol-Lab16.4 Sy_0vNh-5VXal-xDlMXMqw Single_URI /Common/Single_URI Hzyj8pZF6flV3VhTkCFkig SecPol-Lab22.2 /Common/SecPol-Lab22.2 sPR5LNQrrf29I1xZ8MtcRA SecPol-Lab16.4_2 /Common/SecPol-Lab16.4_2 Secondly, check the asmPolicies.txt, and erase the lines which policies you dont want to change Last, copy updateAsmPolicies.sh(attached) in a directory, then run updateAsmPolicies.sh with an appropriate command and parameter Usage: updateAsmPolicies.sh command parameter Commands: -a, -add add an IP address into the trusted IP list -d, -delete delete an IP address from the trusted IP list -c, -change <orgIP-newIP> delete the orgIP from the trusted IP list, then add the newIP into the trusted IP list updateAsmPolicies.sh -a 1.1.1.1 -> adds 1.1.1.1 into the trusted IP list updateAsmPolicies.sh -d 1.1.1.1 -> delete 1.1.1.1 from the trusted IP list that is it. This is just a sample. Code : #!/bin/bash #### #### AUTHOR: FARUK AYDIN --- farukaydin at yahoo.com #### DATE: 2018.01.25 #### This script adds or deletes or changes the trusted IP addresses in the asm policies #### #### Prerequest commands: ####echo ####curl ####jq ####shift ####cut ####cat function usage { echo "Usage: $0 command parameter" echo "Commands:" echo "-a, -add add an IP address into the trusted IP lists" echo "-d, -delete delete an IP address from the trusted IP lists" echo "-c, -change delete the orgIP from trusted IP lists, then add the newIP into the trusted IP lists" exit 0 } if [ ${#@} == 0 ]; then usage fi addingIP() { echo adding $2 into $1 policy; curl -sk -u ${f5user}:${f5pass} -H "Content-Type: application/json" -X POST -d '{"ipAddress":"'"$2"'","ipMask":"255.255.255.255","trustedByPolicyBuilder":true}' https://${f5host}/mgmt/tm/asm/policies/$1/whitelist-ips } deleteIP() { md5IP=$(curl -sk -u ${f5user}:${f5pass} -H "Content-Type: application/json" -X GET https://${f5host}/mgmt/tm/asm/policies/$1/whitelist-ips | jq -r '.items[] | select(.ipAddress=="'"$2"'") |"\(.id)"') if [ -z "$md5IP" ]; then echo $2 is not found in $1 policy; else echo deleting $1 from $1 policy; curl -sk -u ${f5user}:${f5pass} -H "Content-Type: application/json" -X DELETE https://${f5host}/mgmt/tm/asm/policies/$1/whitelist-ips/${md5IP} fi } UNKNOWN=() param=0 whatTodo="nothing" whatToDoN=0 f5user="admin" f5pass="password" f5host="192.168.1.245" while [[ $# -gt 0 ]] do key="$1" case $key in -a|--add) ((param++)) addIP="$2" whatToDo="adding a new trusted IP(${addIP}) to all asm policies" whatToDoN=1 shift # past argument shift # past value ;; -d|--delete) ((param++)) delIP="$2" whatToDo="deleting the trusted IP(${delIP}) from all asm policies" whatToDoN=2 shift # past argument shift # past value ;; -c|--change) ((param++)) changeIP="$2" orgIP=$(echo $changeIP | cut -f1 -d-) newIP=$(echo $changeIP | cut -f2 -d-) if [ "${orgIP}" == "${newIP}" ] ; then orgIP=$(echo $changeIP | cut -f1 -d:) newIP=$(echo $changeIP | cut -f2 -d:) fi whatToDo="changing the trusted IP(${orgIP}) with the new IP(${newIP}) in all asm policies" whatToDoN=3 shift # past argument shift # past value ;; --default) DEFAULT=YES ((param++)) shift # past argument ;; *) # unknown option UNKNOWN+=("$1") # save it in an array for later shift # past argument ;; esac done if [ "${param}" -gt 1 ] ; then echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "!!!!!!!! you used ${param} commands !!!!!!!!" echo "!!! you must use only one command !!!" echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" usage fi echo "${whatToDo}", Option: "${whatToDoN}" for i in $(cat asmPolicies.txt | cut -d " " -f 1); do case $whatToDoN in 1) addingIP $i $addIP ;; 2) deleteIP $i $delIP ;; 3) deleteIP $i $orgIP addingIP $i $newIP ;; esac done Tested this on version: 12.1623Views0likes0CommentsPowershell - Get Current Connection for Nodes
Hello, I've been unable to find any posts with solutions to this problem. It's been asked a few times, but either the question is never answered, or at the very least nobody can provide a way to do this with the PS Snapin's F5 developed. Question: How do you query for the Current Connections for a given Node? The cmdlets Get- and Get- don't seem to provide this information. Is there an object associated with 'Get-' cmdlet that will allow for this query? I can't seem to find any documentation for all the objects tied with this cmdlet. I think this might be the route to go, but am having a difficult time finding something for 'Current Connections'. I need a Powershell solution for this, not Bash or Python. Thank you for your help!600Views0likes3CommentsiControl Add-Snapin fails after setup
Received a new workstation and had to reload the icontrol code. This is a windows 10 workstation. I was able to run the setupSnapin and can see the snapin registered, but I cannot seem to Add-PSSnapin iControlSnapin. PLEASE point me in the right direction..... PS C:\Program Files\F5 Networks\iControlSnapIn> add-pssnapin iControlSnapIn add-pssnapin : Cannot load Windows PowerShell snap-in iControlSnapIn because of the following error: Could not load file or assembly 'iControlSnapin.dll' or one of its dependencies. The system cannot find the path specified. At line:1 char:1 + add-pssnapin iControlSnapIn + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (iControlSnapIn:String) [Add-PSSnapin], PSSnapInException + FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand572Views0likes2CommentsUpload Certificate to BIG-IQ 5.3 with REST
Anyone have any experience uploading files to a BIG-IQ using the REST API? The API documentation for 4.2 details the /mgmt/shared/file-transfer/upload endpoint (also used by BIG-IPs) but while the endpoint still exists in 5.3, sending either a token or basic auth will result in a 401 (same code works for our BIG-IPs.) I did notice that the corresponding /download endpoint does not exist on our 5.3 BIG-IQ, so maybe file transferring is not implemented yet?Solved562Views0likes6CommentsWhy do calls to REST API fail?
We are seeing intermittent failures for calls to the rest api on 11.5.1 HF6. The TCP handshake completes, client sends SSL Client Hello, BigIP sends ACK, and no further packets are seen. Is this related to iControl/REST connection limits? In the icrd log I see: Nov 1 12:45:34 mylb notice icrd_child[31618]: 31618,31633, RestRequestSender, INFO,Connection idle too long fd:9 cached. Nov 1 12:45:42 mylb notice icrd: 8195,13830, RestRequestSender, INFO,Connection idle too long fd:13 cached. Nov 1 12:50:34 mylb notice icrd_child[31655]: 31655,31670, RestRequestSender, INFO,Connection idle too long fd:10 cached. Nov 1 12:50:52 mylb notice icrd: 8195,13830, RestRequestSender, INFO,Connection idle too long fd:13 cached. Nov 1 12:55:33 mylb notice icrd_child[31717]: 31717,31732, RestRequestSender, INFO,Connection idle too long fd:10 cached. Nov 1 12:56:02 mylb notice icrd: 8195,13830, RestRequestSender, INFO,Connection idle too long fd:13 cached. Nov 1 12:56:08 mylb notice icrd: 8195,13817, RestServer, INFO,Connection idle too long fd:11 Nov 3 13:05:33 mylb notice icrd_child[31936]: 31936,31951, RestRequestSender, INFO,Connection idle too long fd:10 cached. Nov 3 13:05:51 mylb notice icrd: 8195,13830, RestRequestSender, INFO,Connection idle too long fd:13 cached. Nov 3 13:06:08 mylb notice icrd: 8195,13817, RestServer, INFO,Connection idle too long fd:11 The restjavad log doesn't register anything during the failure time, and lsof shows the below. [myuser@mylb:Active:Changes Pending] ~ lsof -nPu apache | grep -E "(TCP|COMMAND)" COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME httpd 12579 apache 3u IPv6 1272168705 TCP *:80 (LISTEN) httpd 12579 apache 5u IPv6 1272168710 TCP *:443 (LISTEN) httpd 12579 apache 18u IPv4 1554156729 TCP 127.0.0.1:52743->127.0.0.1:8100 (CLOSE_WAIT) ...several iterations of the above... httpd 16246 apache 3u IPv6 1272168705 TCP *:80 (LISTEN) httpd 16246 apache 5u IPv6 1272168710 TCP *:443 (LISTEN) httpd 16246 apache 16u IPv6 1555163788 TCP 10.1.1.1:443->10.10.10.10:50000 (ESTABLISHED) httpd 16246 apache 18u IPv4 1554419261 TCP 127.0.0.1:43108->127.0.0.1:8100 (CLOSE_WAIT)526Views0likes3CommentsSOAP Request Formation for iControl
Hello, I am trying to get the list of virtual servers under all the partitions in the LTM using the below SOAP message. http://www.w3.org/2001/XMLSchema-instance"; xmlns:xsd="; xmlns:soapenv="; xmlns:vir="urn:iControl:LocalLB/VirtualServer"> ' target="_blank" rel="nofollow">http://schemas.xmlsoap.org/soap/encoding/"/>; But getting only the vs under common partition. Could someone please let me know how to get the list of virtual servers for all partitions.516Views0likes1Comment