I know ASM save the backup in history for changes. I wonder if I can schedule to export ASM policy to file system? For example, schedule to save ASM policy every day?
I don't think you can. You can write your own script that does this via the iControl REST API though.
I'm pretty sure that this can't be done using the Web UI of the BIG-IP. If you don't mind using the SSH you could do this creating a cron job that will execute /usr/share/ts/bin/import_export_policy.pl script once a day.
The cron entry would probably look something like this:
0 23 * * * perl /usr/share/ts/bin/import_export_policy.pl -a export -f /var/asmbackup/policyName.bak -p 18 --format xml
-f is the location and the name of the file where the policy will be saved
-p is the ID of the policy which to the best of my knowledge can be obtained by looking at the link of the policy edit page in Active Policies view
I understand that this is a bit messy, but it is the best I could figure out.
If you don't mind using an external system to perform this backup you could use iControl REST API for this. You could send a POST request to the /mgmt/tm/asm/tasks/export-policy endpoint with the following body:
The .xml file will be saved to the BIG-IP file system in the /var/ts/var/rest directory. A script could be created that could be scheduled on cron on Windows Scheduler depending on your system which would execute this script once a day and possibly store these files on another system.
If you decide to go this way, I could help you out with the script.