Forum Discussion

MarioMeas's avatar
MarioMeas
Icon for Nimbostratus rankNimbostratus
Dec 20, 2016

TMSH command to assign ASM policy to a vip.

Hello. To assign an ASM security policy to a virtual server via the GUI I would go to Local Traffic -> Virtual Servers -> Virtual Server List, click on the Virtual Server, click Security -> Policies, under Application Security Policy I would choose "Enable", then choose the Policy.

 

How would I accomplish the same via the TMSH command? Thanks.

 

3 Replies

  • Consider the below naming conventions:

     

    ASM Policy name: ASM_Policy

     

    Virtual server name : HTTP_VS1

     

    Below is the command:

     

    tmsh create ltm policy asm_policy_HTTP_VS1 { controls add { asm } requires add { http } rules add { default { actions add { 1 { asm enable policy ASM_Policy } } ordinal 1 } } }

     

    tmsh modify ltm virtual HTTP_VS1 policies add { asm_policy_HTTP_VS1 }

     

    tmsh save sys config

     

  • Thank you Nazir. What's the best way to accomplish the above steps using Rest? Thanks.

     

    • Nazir_52641's avatar
      Nazir_52641
      Icon for Cirrus rankCirrus

      Get the ID of the existing ASM policy:

       

      curl -sku admin:admin | ./jq '.items[] | "pol_name:" + .fullPath + ";api_id:" + .id'

       

      Assign ASM policy with id ZsKuSt3CrOF9LBMAapLOkg to VS HTTP_VS1:

       

      curl -sku admin:admin -X PATCH -H "Content-Type: application/json" -d '{ "virtualServers" : ["/Common/HTTP_VS1"] }' | ./jq