Forum Discussion

blwavg_10621's avatar
blwavg_10621
Icon for Nimbostratus rankNimbostratus
Sep 25, 2015

How to Rename an ASM Policy

  1. Make a new ASM policy with the desired ASM policy name. You will have to go through the entire setup process.

     

  2. Export the incorrectly named ASM policy on the appliance. You can do either XML or Binary. You can read about the different types here (https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/5.html NOTE: this is version specific), for this operation, I prefer binary for this specific action.

     

  3. Import the policy that was exported in Step 2. For the "Import Target" replace the policy that has the new name created in step 1.

     

  4. Apply the newly named profile to the virtual server, and remove the old one.

     

I found this out while doing some testing today, and seems to work like a charm. Let me know how it works or if there is a better way.

 

ASM Advanced WAF
management
security

2 Replies

Sort By
  • cjunior's avatar
    cjunior
    Icon for Nacreous rankNacreous
    Sep 28, 2015

    Hello,

     

    Sometimes I write directly the bigip.conf file, then I reload it.

     

    It may not be the most interesting way, since you can make a mistake when manually changes, but in simpler environments, this can be more easy to do.

     

    [ ]

     

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Sep 28, 2015

    A few comments in regards to modifying ASM policy names in the /config/bigip.conf file, as mentioned by cjunior.

     

    This would be the fastest option, but you must be aware that this procedure involves an impact. As you load the modified bigip.conf file, your ASM policy with a new name will be de-attached from the Virtual Server and will be moved to Inactive Policies list. If you take this approach, you must be quick to manually re-activate your modified Policy and attach it to a relevant Virtual Server. There will be a small window of impact where your application is not protected by ASM. In any case, the prodecure is viable when working with non-production policies.

     

    If you want to modify the name of an ASM policy without any impact to production traffic, you can use the procedure as descrived by blwavg. An equally good option would be defining your current Policy as Template, and then using it to create a new Policy with the desired name.