search

F5Networks / f5-appsvcs-templates

F5 BIG-IP Application Service Templates (FAST)
Apache License 2.0
32 stars 13 forks source link

ASM deployment from HTTP Application Template #87

Closed chungyu2 closed 2 years ago

chungyu2 commented 2 years ago

Environment

Summary

A clear and concise description of what the bug is. Include information about the reproducibility and the severity/impact of the issue.

When using the HTTP Application template - the option to enable WAF fails on the first pass, the WAF is created but not put on the VS. After it is created, you need go an edit app again to enable it.

Another issue you can not choose another WAF profile from the same partition or from the common partiton.

Steps To Reproduce

List the steps to reproduce the behavior: 1) create your app using HTTP Application - choose to enable WAF 2) Declaration Failed - ASMconfig exception:[303] Set Active failed 3) redeploy again to have WAF enable

Expected Behavior

A clear and concise description of what you expected to happen.

I would have expected the WAF to be added on the first deployment or an option to choose another WAF template vs a new created one

Actual Behavior

A clear and concise description of what actually happens. Please include any applicable error output.

WAF is not deployed with the VS on the first pass and a error - Declaration Failed - ASMconfig exception:[303] Set Active failed

shyawnkarim commented 2 years ago

Thanks for reporting this. We are now tracking it internally with ID MYSTIQUE-521.

shyawnkarim commented 2 years ago

Our engineering team was unable to reproduce this bug.

When we deployed an HTTP app (/test/gh), with WAF enabled, it created the WAF policy and added it to the virtual server. Then we checked if it had the profile attached in the Configuration Utility and it was there on the Virtual Server's Security tab, under Application Security Policy, and it was in Security -> Application Security -> Security Policies. Finally, we redeployed the application and confirmed there was no difference between the config, both in TMSH or in the GUI.

This might be an ASM bug that is affecting you. We didn't find any bugs that reference your error message but Bug ID 759360 has a workaround when a database is corrupted.

chungyu2 commented 2 years ago

Hi

When I was using the FAST template - the WAF policy that gets created is a Rapid Deployment Policy in transparent mode. Why can I not choose a pre-existing WAF policy from /Common ?

Thanks

chungyu2 commented 2 years ago

Hi

Are there any updates or do you need any additional information required? Should I ask for a enhancement to the FAST template, essentially it would be nice to choose existing WAF or AFM policy we created in the /Common partition.

I am currently testing this a VM lab edition version 16.1.0 - are there any restrictions on a licensed lab VM versus a real F5?

Thanks

Chung

shyawnkarim commented 2 years ago

We are now tracking this new request with internal ID MYSTIQUE-543. What templates do you need to be able to choose an existing policy for?

There shouldn't be any limitations between your lab and a real production environment.

shyawnkarim commented 2 years ago

Closing. This issue was resolved with Release 1.15.0.