Forum Discussion

David_Murphy_22's avatar
David_Murphy_22
Icon for Nimbostratus rankNimbostratus
Nov 27, 2014

v11.4.x tmsh - how to enable and select an ASM policy; DoS policy

From the GUI one chooses an LTM Virtual Server and selects the 'Security -> Policies' tabs to accomplish enabling and selecting the ASM and/or DoS policies. What are the CLI tmsh commands to accomplish the same? Thanks.

 

3 Replies

  • R_Marc's avatar
    R_Marc
    Icon for Nimbostratus rankNimbostratus

    ASM is a bit more complicated in TMSH. The GUI creates this goofie policy link. You'd need to do the same in TMSH but without the goofiness.

    First: create an ASM policy:

    create asm policy test-asm-policy { active encoding utf-8 blocking-mode enabled policy-template some-template } 
    

    Now you need to create an LTM policy referencing it:

    create ltm policy test-ltm-asm-policy { controls add {asm} requires add { http } rules add { default { actions add { 1 { asm enabled policy test-asm-policy } } } strategy first-match }
    

    Now you can add it to your Virtual with a create or modify

    modify ltm virtual test-http-virtual { policy add|replace-all-with { test-ltm-asm-policy }}
    

    I don't use DDos policies, but I'm sure it's a similar procedure.

  • it's my 1st day with cli, hacking at it, i got this to work: modify ltm virtual test-http-virtual profiles add { some-dos-policy }

     

  • I don't know if syntax changed from 11.4 to 11.5 but this syntax works for me with 11.5: tmsh create ltm policy test-ltm-asm-policy { controls add {asm} requires add { http } rules add { default { actions add { 1 { asm enable policy test-asm-policy } } } } strategy first-match }