bboyjnr_8532
Mar 24, 2014

TMSH - ASM - 11.4 - adding ASM components to a VS

Hi Guys,

 

Does anyone happen to know the correct syntax to add an ASM enabled security profile/policy to a VS?

 

I have also tried to add one of the default ASM logging profiles but this still fails...

 

Configuration Items:

 

Log all requests
Log illegal requests
global-network
local-dos

 

root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos) create ltm virtual vs_asm destination 1.1.1.1:80 pool asm_pool profiles add { http } profiles add { websecurity } security-log-profiles add { Log all requests }

 

01020036:3: The requested Security log profile (Log) was not found.

 

root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)

 

Thanks,

 

B

 

6 Replies

  • Have you tried this in the GUI? Or did you only need to do it on the command line? It's pretty easy in the GUI, so you may want to try that. I can show you how if needed.

     

    • Mike_Maher
      So this is just a guess, but considering that the way the Virtual Server gets the traffic to the ASM policy is through a Local Traffic policy, perhaps you need to create a Local Traffic policy with the ASM rule first and attach the LT policy. You can do it either way in the GUI: if you just attach an ASM policy, it will create the LT policy with the rule and attach it to the VS, but in the CLI there may only be one way. Again, that is just a guess; if I get some time later today I will try and play with it and see for sure. If you happen to get it working, please post the working syntax though.
  • Hi All,

     

    Had no luck with this. I've been playing around and can use tmsh to change a policy to blocking. I thought my luck was in when I noticed "virtual" as a component under the asm module, but you can only "show" CPU stats.

    Thanks Mike, found it in the GUI under /ltm/policies/policyname/rules. Will have a play some more and see if it's possible in TMSH, otherwise it's "point and click here I come! (160 times)"

    Thanks,

     

    B

     

  • Something like this should work (I am doing this on 11.6):

    Download the policy from wherever you are hosting it

    curl <..your policy location...> -o asm-policy-linux-high.xml

    Load the policy from the file you downloaded

    tmsh load asm policy file /home/admin/asm-policy-linux-high.xml

    Create an LTM policy which we will use to attach the ASM policy

    tmsh create ltm policy policy-over-tmsh strategy first-match

    Add an asm rule to the ltm policy ruleset

    tmsh modify ltm policy policy-over-tmsh controls add { asm }

    Activate the asm policy

    tmsh modify asm policy /Common/linux-high active

    Attach the ASM policy via a rule in the LTM policy ruleset

    tmsh modify ltm policy policy-over-tmsh rules add { associate-asm-policy { actions replace-all-with { 0 { asm request enable policy /Common/linux-high } } } }

    Someone smarter than me can figure out how to collapse this into fewer tmsh commands.

  • Syntax

    Is it in an iApps implementation? I had the same problem: missing escape sequence \ before "

    example tmsh:modify ltm virtual VIRTUAL security-log-profiles add { \"Log all requests\" }
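
The error in the original question, `Security log profile (Log) was not found`, is tmsh splitting the unquoted name `Log all requests` on its spaces. The script below is an added example, not code from any poster in this thread: it builds the `security-log-profiles` command with the name quoted for a list of virtual servers and refuses names that could break out of the braces. The function names, the `APPLY` switch and the use of `tmsh -c` to pass the whole command as one string are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Dry run by default: commands are only
# printed, and are passed to tmsh only when APPLY=1 is set on the BIG-IP.

# Quote a tmsh object name. A name with spaces must reach tmsh as one quoted
# token; empty names and names containing quote, backslash, brace or
# semicolon characters are refused.
tmsh_quote() {
    case "$1" in
        ''|*[\"\\\{\}\;]*) return 1 ;;
        *[[:space:]]*)     printf '"%s"' "$1" ;;
        *)                 printf '%s' "$1" ;;
    esac
}

# Build the command that adds one security log profile to one virtual server.
log_profile_cmd() {
    local vs profile
    vs=$(tmsh_quote "$1") || return 1
    profile=$(tmsh_quote "$2") || return 1
    printf 'modify ltm virtual %s security-log-profiles add { %s }' "$vs" "$profile"
}

# Read virtual server names (one per line) on stdin; print or apply each command.
attach_log_profile() {
    local profile="$1" vs cmd
    while IFS= read -r vs; do
        [ -n "$vs" ] || continue
        if ! cmd=$(log_profile_cmd "$vs" "$profile"); then
            echo "skipped unsafe name: $vs" >&2
            continue
        fi
        if [ "${APPLY:-0}" = "1" ]; then
            # Assumption: tmsh -c receives the command as a single string, so
            # the inner double quotes survive the bash command line.
            tmsh -c "$cmd"
        else
            printf '%s\n' "$cmd"
        fi
    done
}

# Constructed sample input: one valid name and one malformed name.
printf '%s\n' 'vs_asm' 'vs bad }' | attach_log_profile 'Log all requests'
```
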