Forum Discussion

DLP_138742's avatar
DLP_138742
Icon for Nimbostratus rankNimbostratus
Dec 16, 2015
Solved

Exporting resources from a Firepass 7.0

Hello,

 

We are currently migrating from a Firepass 7.0 to a BIG-IP APM 11.6. All is going pretty well, the machine itself isn't that difficult to understand (for the things we do with it, which is just SSL-VPN at the moment). Testing RDP etc. is going well enough that I now want to have the whole configuration of the Firepass present on the APM.

 

There is no export/import method because of the completely different way the APM does things, I get that. But what I would like to do is basically create a shell script and run everything through TMSH and make life a lot easier. What isn't easy at the moment though is that I have to somehow get all the RDP entries out of the Firepass so I can use them in my script.

 

Is there any way of making this (a lot) easier? The XML export isn't really helpful. I would like to have some kind of output as "Type/Name/Host/Port/Settings etc" of all my RDP entries. If I only had like 10-20 entries, I'd enter them manually into my script. But seeing as we have around 150 of them I really rather not do that manually.

 

Any help would be greatly appreciated. This is the only hurdle for us to take to bring the APM into full operation really :)

 

With kind regards,

 

David

 

APM
application delivery
export
TMSH
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Dec 16, 2015

    Does the XML contain the data you need?

     

    The way I usually approach this problem is by writing some script in perl or python to digest the data and spit it back out as a series of TMSH resource create commands. I have a script put together for a project that contained about 1000 Portal Access resource -> Active Directory group mappings, but RDP resources are going to be completely different.

     

    The big problem with this is that the specifics are highly site dependent. As you're aware, APM has no notion of "groups" as Firepass does. This makes the system incredibly flexible, but does complicate the initial configuration.

     

    I'd probably either write or find someone that is capable with some scripting lanugage (js, perl, python, ruby, powershell, .NET, whatever), have sample output (tmsh commands) and sample input (your XML file), and get that person to spend a few hours to the mapping.

     

2 Replies

Sort By
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Dec 16, 2015

    Does the XML contain the data you need?

     

    The way I usually approach this problem is by writing some script in perl or python to digest the data and spit it back out as a series of TMSH resource create commands. I have a script put together for a project that contained about 1000 Portal Access resource -> Active Directory group mappings, but RDP resources are going to be completely different.

     

    The big problem with this is that the specifics are highly site dependent. As you're aware, APM has no notion of "groups" as Firepass does. This makes the system incredibly flexible, but does complicate the initial configuration.

     

    I'd probably either write or find someone that is capable with some scripting lanugage (js, perl, python, ruby, powershell, .NET, whatever), have sample output (tmsh commands) and sample input (your XML file), and get that person to spend a few hours to the mapping.

     

  • DLP's avatar
    DLP
    Icon for Nimbostratus rankNimbostratus
    Dec 17, 2015

    Lucas, thanks for your answer! I kinda expected this answer as well :) The Firepass, albeit a very good device for it's time, never had proper exports of data or views of what resource belongs to which user etc. etc. So the migration will be a time consuming effort but gladly also a one time thing. At the moment I'm using some Notepad++ reorganizing of the resources and stick them in a simple script with which I can easily apply them to the APM.

     

    Thanks again :)