f5-appsvcs-extension

Add ASM Settings configuration

Open correiap opened this issue 3 years ago • 11 comments

Is your feature request related to a problem? Please describe.

As part of our F5 Onboarding Process we need to set some ASM Settings (below) that exist in neither AS3 nor DO:

  • Anti-Virus Protection (ASM Integrated Services)
  • ASM Advanced Configuration - Systems Variables

Describe the solution you'd like

We'd like to perform such configuration through AS3 or DO.

Describe alternatives you've considered

Today we're using Ansible to configure everything that can't be done through either DO or AS3, which adds complexity to our Onboarding process.

Additional context

Ansible Tasks Workaround

Anti-Virus Protection (ASM Integrated Services) -

- name: Set ASM Antivirus Protection (ICAP)
  uri:
    url: https://{{ ansible_host }}:{{ bigip_port }}/mgmt/tm/asm/virus-detection-server
    user: "{{ bigip_admin_username }}"
    password: "{{ bigip_admin_password }}"
    headers:
      Content-Type: "application/json"
    body_format: json
    body: '{"guaranteeEnforcement":true,"hostname":"{{ icap_server.vs_ip }}", "port":{{ icap_server.port }} }'
    force_basic_auth: yes
    method: PATCH
    validate_certs: no
    return_content: no
    status_code: 201
  delegate_to: localhost

ASM Advanced Configuration - Systems Variables

- name: Set ASM advanced system variables
  bigip_asm_advanced_settings:
    provider: "{{ provider }}"
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  delegate_to: localhost
  loop: "{{ asm_adv_config_from_file.json }}"
  loop_control:
    pause: 10
  register: asm_sys_variables

correiap avatar Oct 04 '22 15:10 correiap
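
A hardened variant of the ICAP task in the post above, as an added example that is not part of the original issue or of F5's tooling: it validates the management certificate, exchanges the admin credentials for an auth token once instead of sending them with the PATCH, and keeps secrets out of task output. The variable `bigip_ca_bundle` is hypothetical, and accepting both 200 and 201 as success is an assumption.

```yaml
# Added example, not from the original issue.
# Assumed name: bigip_ca_bundle (path to the CA bundle that signed the
# BIG-IP management certificate). All other variables come from the post.
- name: Obtain a BIG-IP auth token
  ansible.builtin.uri:
    url: "https://{{ ansible_host }}:{{ bigip_port }}/mgmt/shared/authn/login"
    method: POST
    body_format: json
    body:
      username: "{{ bigip_admin_username }}"
      password: "{{ bigip_admin_password }}"
      loginProviderName: tmos
    validate_certs: true               # the original task disables this
    ca_path: "{{ bigip_ca_bundle }}"
    status_code: 200
  register: bigip_login
  no_log: true                         # keep the password and token out of logs
  delegate_to: localhost

- name: Set ASM Antivirus Protection (ICAP) over a validated TLS session
  ansible.builtin.uri:
    url: "https://{{ ansible_host }}:{{ bigip_port }}/mgmt/tm/asm/virus-detection-server"
    method: PATCH
    headers:
      X-F5-Auth-Token: "{{ bigip_login.json.token.token }}"
    body_format: json
    # Same request body as the task in the post.
    body: '{"guaranteeEnforcement":true,"hostname":"{{ icap_server.vs_ip }}", "port":{{ icap_server.port }} }'
    validate_certs: true
    ca_path: "{{ bigip_ca_bundle }}"
    status_code: [200, 201]            # assumption: accept either success code
  no_log: true                         # the request header carries the token
  delegate_to: localhost
```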

Thank you for your feedback. I have added this issue to our internal product backlog as AUTOTOOL-3518.

sunitharonan avatar Oct 13 '22 15:10 sunitharonan

@correiap after looking into this issue we believe that AS3 shouldn't be configuring the ASM API. This is something the ASM declaration API tooling needs to handle. Or handled by Ansible/Terraform. AS3 will simply add the ASM profile to the VirtualServer.

Closing out at this time.

mdditt2000 avatar Nov 07 '22 17:11 mdditt2000

@mdditt2000 That's why I asked it to be added to AS3 or DO. We need to set some ASM Variables and Anti-Virus Protection during the onboarding process. The idea is to minimize as much as possible the dependency of Ansible and/or Terraform.

correiap avatar Nov 07 '22 18:11 correiap

Understand, however AS3 is application creation only. I asked the support engineer to reach out to the WAF API PM as this would be the better option. AS3/DO don't configure a WAF policy.

mdditt2000 avatar Nov 07 '22 18:11 mdditt2000

@mdditt2000 I'm not asking to configure a Policy. I want to configure ASM global settings. ASM Advanced System Variables are not related to WAF Policies. ICAP (integrated services, anti-virus protection configuration) is not a Policy feature either, it's related to the device configuration.

correiap avatar Nov 07 '22 18:11 correiap

True, those global settings should be added via the /mgmt/tm/asm/ API.

mdditt2000 avatar Nov 07 '22 18:11 mdditt2000

And those being global/base settings cannot be added to DO?

correiap avatar Nov 07 '22 18:11 correiap

@correiap one of the devs is going to run some tests to check if DO is an option. Stand by.

mdditt2000 avatar Nov 07 '22 18:11 mdditt2000

@correiap was able to modify that object (mgmt/tm/asm/virus-detection-server) with curl, so DO should be able to do this. Want to make sure I capture the required variables below.


mdditt2000 avatar Nov 07 '22 20:11 mdditt2000

@mdditt2000 thanks, that's exactly what we need. Especially the restart ASM part, it's much easier if it's done at an early stage.

correiap avatar Nov 07 '22 22:11 correiap

Hi @mdditt2000, do you have any updates on this enhancement request?

Thanks

correiap avatar Mar 28 '23 12:03 correiap