biv_59618
Dec 08, 2017Nimbostratus
Applying Auto ASM Policy via TMSH
What I am trying to do is
- enable ASM profile
- add an ASM policy which is configured for Autopolicy
When done through the GUI it looks like this is the config. This is what I am trying to achieve on a large scale through tcl.
policies {
asm_auto_l7_policy__someserver.domain.com { }
}
profiles {
ASM_someprofile-WAF { }
}
`
How do I get the the system to "auto-generate" the policy component of "asm_auto_l7_policy__someserver.domain.com"?
Doing this
`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF}`
results in an error that the policy does not match the asm-controlling policiy. I think it needs to be
`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF} policies add {INSERT DYNAMIC POLICY NAME?}`
But how do I get it to generate that dynamic policy? On the ASM its use autogenerate.
Here is what happens when I try the above
`modify ltm virtual /network-test/dumb2_443 profiles add {ASM_someprofile-WAF} policies add {asm_auto_l7_policy__dumb2_443}`
01070734:3: Configuration error: The bot-defense-asm profile /Common/ASM_someprofile-WAF was added to virtual server /network-test/dumb2_443 but it does not match the asm-controlling policy. The bot-defense-asm profile is added to the virtual server automatically.
Nothing actually changes though.