Forum Discussion

rs's avatar
rs
Icon for Nimbostratus rankNimbostratus
Aug 03, 2020

F5 ASM Template import query

I want to create new asm policy that will be used as a template for ASM security policy , i exported the new created asm policy with xml and binary format as a template and try to import both on another asm box it worked , However want to understand whats a difference between if we export and import policy template as a xml and binary , will both work in same way want to know the difference between xml without compact and binary in exporting and binary ?

whats a F5 recommendation to export and import in binary or xml without compact ?

request you to chekc and help me in answering this query

 

 

3 Replies

  • Hello,

     

    About Compact XML mode you can read next in OLH (Help tab):

     

    If you choose to export the security policy as an XML file, you can further choose to export in a compact format, which results in a smaller XML file. The differences between a security policy in regular format and in compact format are the following:

    • In compact format, the system does not export the staging state of attack signatures.
    • In compact format, the system exports information regarding the following items only if they are different from how they were created by default:
      • Meta-Character sets
      • Blocking Page Learn, Alarm, and Block settings
      • Response Pages
      • IP Reputation Categories

     

    There is no any difference in exported configuration between XML and binary format. The only difference is in representation this data in exported file - XML file is human readable and you can modify it, while binary is not.

     

    Thanks, Ivan

  • rs's avatar
    rs
    Icon for Nimbostratus rankNimbostratus

    Thanks for your response

    My query is if we create Generic application policy and would like to use that policy as template for future deployments then do we need to export the policy in XML or binary format , If we import either xml or binary teimplate on new asm boxes it would not make any difference as we can import policy in both xml and binary format and you pointed no difference between xml and binary format export only difference is that binary is not human readable .

    So need to know what F5 recommendation on it use binary export or import , or export and import via using xml format without compact

  • There is no specific recommendation, because there is no any difference between them - both formats are identical from functional point of you.

    Difference of compact mode is described above.

    I would say next - if you don't care about size of imported file, then better to use XML, because you will have ability to look inside and modify it (if you will need in future)... if you care about size of file, then use binary or XML compact.

     

    Thanks, Ivan