F5Networks / f5-appsvcs-templates

F5 BIG-IP Application Service Templates (FAST)
Apache License 2.0

Configuring FAST service with custom application name with Generic template without any trace of objects in GUI. #124

Closed PatricDahl closed 1 year ago

PatricDahl commented 1 year ago

Environment

Summary

Configured a service with a FAST template and a provided Application name (not using ServiceMain). Deployment was successful, but afterwards no objects are shown in the GUI.

Steps To Reproduce

title: Standard HTTP Application with WAF
description: Standard HTTP application with predictive-node pool and WAF Policy.
parameters:
  tenant_name: ""
  application_name: ""
  virtual_address: ""
  virtual_port: ""
  service_port: ""
  server_addresses: ""
definitions:
  tenant_name:
    title: Tenant Name
    type: string
    description: partition on bigip
  application_name:
    title: Application name
    type: string
    description: APM ID
  virtual_address:
    title: Virtual Server
    type: string
    description: Endpoint there request should be sent to application
  virtual_port:
    title: Virtual port
    type: integer
    description: Virtual server listening port
  service_port:
    title: Service port
    type: integer
    description: Application server listening port
  server_addresses:
    title: Application servers
    type: array
    description: Application servers which should be part in service
template: |
  {
    "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
    "class": "AS3",
    "action": "deploy",
    "persist": true,
    "declaration": {
      "class": "ADC",
      "schemaVersion": "3.36.0",
      "id": "urn:uuid:e42f5287-de2e-4ade-8d44-c1d2175455eb",
      "label": "Sample 1",
      "remark": "Simple HTTP application with RR pool and WAF Policy",
      "{{tenant_name}}": {
        "class": "Tenant",
        "{{application_name}}": {
          "class": "Application",
          "{{application_name}}": {
            "class": "Service_HTTP",
            "virtualPort": {{virtual_port}},
            "virtualAddresses": [
              "{{virtual_address}}"
            ],
            "pool": "{{application_name}}",
            "policyWAF": {
              "bigip": "/Common/MyWaf"
            }
          },
          "{{application_name}}": {
            "class": "Pool",
            "loadBalancingMode": "predictive-node",
            "monitors": [
              "http"
            ],
            "members": [
              {
                "servicePort": {{service_port}},
                "serverAddresses": {{server_addresses::array}}
              }
            ]
          }
        }
      }
    }
  }

Expected Behavior

Object should be visible in GUI.

Actual Behavior

No objects visible


Additional

AS3 Result after deployment

{
  "id": "8ed43971-031e-4a92-9f95-62d64e6ca78f",
  "code": 200,
  "message": "success",
  "name": "ABC/http-waf-pred",
  "parameters": {
    "tenant_name": "Prod",
    "application_name": "MyFirstWAF1",
    "virtual_address": "1.2.3.10",
    "virtual_port": 443,
    "service_port": 443,
    "server_addresses": [
      "5.4.3.72"
    ]
  },
  "tenant": "Prod",
  "application": "MyFirstWAF1",
  "operation": "create",
  "timestamp": "2023-03-16T09:59:36.989Z",
  "host": "localhost",
  "_links": {
    "self": "/mgmt/shared/fast/tasks/8ed43971-031e-4a92-9f95-62d64e6ca78f"
  }
}

{
  "class": "Application",
  "MyFirstWAF1": {
    "class": "Pool",
    "loadBalancingMode": "predictive-node",
    "monitors": [
      "http"
    ],
    "members": [
      {
        "servicePort": 443,
        "serverAddresses": [
          "5.4.3.72"
        ]
      }
    ]
  },
  "constants": {
    "class": "Constants",
    "fast": {
      "template": "ABC/http-waf-pred",
      "setHash": "8aeb35346354644272b24a6a808570344f85fda765552d013efa578c0c8ad647",
      "view": {
        "tenant_name": "Prod",
        "application_name": "MyFirstWAF1",
        "virtual_address": "1.2.3.10",
        "virtual_port": 443,
        "service_port": 443,
        "server_addresses": [
          "5.4.3.72"
        ]
      },
      "templateType": "local",
      "lastModified": "2023-03-16T09:59:17.099Z",
      "ipamAddrs": {}
    }
  },
  "_links": {
    "self": "/mgmt/shared/fast/applications/Prod/MyFirstWAF1"
  }
}
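
The template in the post above uses `{{application_name}}` as the key for both the Service_HTTP and the Pool object inside the same Application, and the stored application shown above contains only the Pool. The following is an added example, not part of the original post or of the FAST project: it renders a reduced copy of that template and reports repeated keys, for which Python's `json` module, like JavaScript's `JSON.parse`, keeps only the last value. The helpers `render` and `parse_reporting_duplicates` are hypothetical names, and `render` is a simplified stand-in for FAST's Mustache rendering.

```python
import json
import re

# Reduced copy of the template body from the original post (constructed for this
# example): the Service_HTTP and the Pool are both keyed {{application_name}}.
TEMPLATE = """
{
  "{{tenant_name}}": {
    "class": "Tenant",
    "{{application_name}}": {
      "class": "Application",
      "{{application_name}}": {
        "class": "Service_HTTP",
        "virtualPort": {{virtual_port}},
        "virtualAddresses": ["{{virtual_address}}"]
      },
      "{{application_name}}": {
        "class": "Pool",
        "members": [{"servicePort": {{service_port}}, "serverAddresses": {{server_addresses::array}}}]
      }
    }
  }
}
"""
# Parameter values taken from the AS3 result in the original post.
VIEW = {"tenant_name": "Prod", "application_name": "MyFirstWAF1",
        "virtual_address": "1.2.3.10", "virtual_port": 443,
        "service_port": 443, "server_addresses": ["5.4.3.72"]}

def render(template, view):
    """Simplified stand-in for FAST's Mustache rendering (hypothetical helper)."""
    def sub(match):
        value = view[match.group(1)]
        return value if isinstance(value, str) else json.dumps(value)
    return re.sub(r"\{\{(\w+)(?:::\w+)?\}\}", sub, template)

def parse_reporting_duplicates(text):
    """Return (parsed JSON, [(key, dropped value, kept value)]) for repeated keys."""
    dups = []
    def hook(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                dups.append((key, obj[key], value))
            obj[key] = value  # last value wins, as with a plain json.loads
        return obj
    return json.loads(text, object_pairs_hook=hook), dups

DECLARATION, DUPLICATES = parse_reporting_duplicates(render(TEMPLATE, VIEW))
```

The same check can be run on the text copied from the Rendered tab of the Debug View before a declaration is submitted.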

shyawnkarim commented 1 year ago

Thanks for submitting this issue. This bug is now being tracked internally with ID, EC-171.

joelkeener commented 1 year ago

Hello @PatricDahl Hey, were you looking in the Applications tab on the FAST GUI or in the Configuration Utility's virtual server list? If in the latter, you'd need to select the Prod partition in the upper right hand corner first.

DahlPatric commented 1 year ago

Hi @joelkeener, in the FAST template Application tab I see a successful create operation, but when looking in the same partition under Local Traffic no objects are visible.

If I list bigip.conf I can see the configuration.

` cat bigip.conf

TMSH-VERSION: 14.1.4.6

asm policy /Prod4/MyFirstWAF4/asm_policy { active encoding utf-8 }
ltm node /Prod4/2.2.2.6 { address 2.2.2.6 }
ltm node /Prod4/5.4.3.1 { address 5.4.3.1 }
ltm pool /Prod4/MyFirstWAF4/MyFirstWAF4 { load-balancing-mode predictive-node members { /Prod4/2.2.2.6:443 { address 2.2.2.6 metadata { source { value declaration } } } /Prod4/5.4.3.1:443 { address 5.4.3.1 metadata { source { value declaration } } } } min-active-members 1 monitor min 1 of { /Common/https } }
ltm profile client-ssl /Prod4/MyFirstWAF4/wildcard.abc.net { alert-timeout indefinite allow-dynamic-record-sizing disabled allow-expired-crl disabled allow-non-ssl disabled app-service none authenticate once c3d-drop-unknown-ocsp-status drop c3d-ocsp none ca-file none cache-timeout 3600 cert-extension-includes none cert-key-chain { set0 { cert /Common/default.crt key /Common/default.key } } cert-lookup-by-ipaddr-port disabled cipher-group none ciphers DEFAULT client-cert-ca none crl-file none description none hostname-whitelist none inherit-ca-certkeychain true inherit-certkeychain false mode enabled ocsp-stapling disabled options { dont-insert-empty-fragments no-ssl no-tlsv1.3 no-sslv3 } peer-cert-mode ignore proxy-ssl disabled proxy-ssl-passthrough disabled renegotiate-max-record-delay indefinite renegotiate-period indefinite renegotiate-size indefinite renegotiation enabled retain-certificate true secure-renegotiation require server-name none sni-default false sni-require false ssl-c3d disabled ssl-forward-proxy disabled ssl-forward-proxy-bypass disabled unclean-shutdown enabled }
ltm profile server-ssl /Prod4/MyFirstWAF4/pTlsClient_Local { alert-timeout indefinite allow-expired-crl disabled app-service none authenticate once authenticate-name none c3d-ca-cert none c3d-ca-key none c3d-cert-extension-includes { basic-constraints extended-key-usage key-usage subject-alternative-name } c3d-cert-lifespan 24 ca-file /Common/ca-bundle.crt cache-timeout 3600 cert /Common/default.crt chain none cipher-group none ciphers DEFAULT crl-file none description none expire-cert-response-control drop key /Common/default.key options { dont-insert-empty-fragments no-tlsv1.3 } peer-cert-mode ignore proxy-ssl disabled proxy-ssl-passthrough disabled renegotiate-period indefinite renegotiate-size indefinite renegotiation enabled retain-certificate true secure-renegotiation require-strict server-name none session-ticket disabled sni-default false sni-require false ssl-c3d disabled ssl-forward-proxy disabled ssl-forward-proxy-bypass disabled unclean-shutdown enabled untrusted-cert-response-control drop }
security bot-defense asm-profile /Prod4/MyFirstWAF4/ASM_asm_policy { app-service none } `

joelkeener commented 1 year ago

I was able to deploy the HTTP Template with a FAST-Generated WAF Security Policy. After that, I was able to view the MyFirstWAF1 and MyFirstWAF1-Redirect- virtual servers and the MyFirstWAF1_pool pool in the Prod partition.

I am seeing more objects in my /config/partitions/Prod/bigip.conf than you show above. Yours only created the asm policy, pool, client and server ssl profiles and a bot-defense profile.

Can you please share your rendered template, by clicking the Rendered tab on the Debug View below the http template's form?

Here is the declaration I submitted:

{
  "class": "ADC",
  "schemaVersion": "3.0.0",
  "id": "urn:uuid:a858e55e-bbe6-42ce-a9b9-0f4ab33e3bf7",
  "Prod": {
    "class": "Tenant",
    "MyFirstWAF1": {
      "class": "Application",
      "template": "generic",
      "MyFirstWAF1": {
        "virtualAddresses": [
          "10.1.1.2"
        ],
        "virtualPort": 443,
        "redirect80": true,
        "snat": "auto",
        "persistenceMethods": [
          "cookie"
        ],
        "class": "Service_HTTPS",
        "serverTLS": "MyFirstWAF1_tls_server",
        "pool": "MyFirstWAF1_pool",
        "profileHTTP": {
          "use": "MyFirstWAF1_http"
        },
        "profileHTTPAcceleration": "basic",
        "profileHTTPCompression": "basic",
        "profileMultiplex": "basic",
        "profileTCP": {
          "ingress": "wan",
          "egress": "lan"
        },
        "policyEndpoint": [],
        "iRules": [],
        "policyWAF": {
          "use": "MyFirstWAF1_waf_policy"
        },
        "securityLogProfiles": []
      },
      "MyFirstWAF1_tls_server": {
        "class": "TLS_Server",
        "certificates": [
          {
            "certificate": "MyFirstWAF1_certificate"
          }
        ]
      },
      "MyFirstWAF1_certificate": {
        "class": "Certificate",
        "certificate": {
          "bigip": "/Common/default.crt"
        },
        "privateKey": {
          "bigip": "/Common/default.key"
        }
      },
      "MyFirstWAF1_pool": {
        "class": "Pool",
        "members": [
          {
            "serverAddresses": [
              "10.0.0.1"
            ],
            "servicePort": 80,
            "connectionLimit": 0,
            "priorityGroup": 0,
            "shareNodes": true
          }
        ],
        "loadBalancingMode": "least-connections-member",
        "slowRampTime": 300,
        "monitors": [
          {
            "use": "MyFirstWAF1_monitor"
          }
        ]
      },
      "MyFirstWAF1_monitor": {
        "class": "Monitor",
        "monitorType": "http",
        "interval": 30,
        "timeout": 91,
        "send": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Close\r\n\r\n",
        "receive": ""
      },
      "MyFirstWAF1_http": {
        "class": "HTTP_Profile",
        "xForwardedFor": true
      },
      "MyFirstWAF1_waf_policy": {
        "class": "WAF_Policy",
        "policy": {
          "text": "{ \"policy\": { \"template\": { \"name\": \"POLICY_TEMPLATE_RAPID_DEPLOYMENT\" } } }"
        },
        "ignoreChanges": true
      }
    }
  }
}

joelkeener commented 1 year ago

Hello Again @PatricDahl, Are you still having this issue? If so, can you please share your rendered template, by clicking the Rendered tab on the Debug View below the http template's form?

joelkeener commented 1 year ago

Hello Again @PatricDahl, please let us know if you still need help with this, and provide the data requested in the previous comment if you do. Closing this case now. Thank you.