Applying Auto ASM Policy via TMSH

What I am trying to do is

  • enable ASM profile
  • add an ASM policy which is configured for Autopolicy

When done through the GUI it looks like this is the config. This is what I am trying to achieve on a large scale through tcl.

    policies {
        asm_auto_l7_policy__someserver.domain.com { }
    }
    profiles {
        ASM_someprofile-WAF { }
    }

How do I get the system to "auto-generate" the policy component of "asm_auto_l7_policy__someserver.domain.com"?

Doing this

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF}`

results in an error that the policy does not match the asm-controlling policy. I think it needs to be

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF} policies add {INSERT DYNAMIC POLICY NAME?}`

But how do I get it to generate that dynamic policy? On the ASM its use autogenerate.

Here is what happens when I try the above

`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF} policies add {asm_auto_l7_policy__dumb2_443}`

01070734:3: Configuration error: The bot-defense-asm profile /Common/ASM_someprofile-WAF was added to virtual server /network-test/dumb2_443 but it does not match the asm-controlling policy. The bot-defense-asm profile is added to the virtual server automatically.

Nothing actually changes though.

Comments on this Question
Comment made 08-Dec-2017 by biv 17

So I have figured out I need to create the LTM policy first. Through TMSH this has been troublesome. If anyone can help me with the nested syntax, it has gotten very nested and I am just looking for a little help. This is the end result I am aiming for:

ltm policy asm_auto_l7_test.com {
    controls { asm }
    requires { http }
    rules {
        default {
            actions {
                1 {
                    policy /Common/WAF
                }
            }
            ordinal 1
        }
    }
    status legacy
    strategy first-match
}

This is what I got, but I am tripping up on the nesting for the rules subset:

`create ltm policy test1 controls add {asm} requires add {http} rules add {defualt {ordinal 1{} actions add{1{policy /Common/WAF}}}}`

Comment made 17-Jan-2018 by biv 17

Anyone had luck with this?


Answers to this Question