In this lab, the iControl REST API is used to create an address list that will be used with an AFM policy in a later lab.
Follow the steps below, in the order they appear in the Postman collection, to complete this portion of the lab. The requests and responses are included below for reference.
Attention
Some response content has been removed for brevity.
Request
GET https://{{big_ip_a_mgmt}}/mgmt/tm/security/firewall/policy
Headers
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Example Response
Note
A test policy has already been created on the BIG-IP for demonstration purposes.
{
    "kind": "tm:security:firewall:policy:policycollectionstate",
    "selfLink": "https://localhost/mgmt/tm/security/firewall/policy?ver=13.0.0",
    "items": [
        {
            "kind": "tm:security:firewall:policy:policystate",
            "name": "block_all",
            "partition": "Common",
            "fullPath": "/Common/block_all",
            "generation": 5789,
            "selfLink": "https://localhost/mgmt/tm/security/firewall/policy/~Common~block_all?ver=13.0.0",
            "rulesReference": {
                "link": "https://localhost/mgmt/tm/security/firewall/policy/~Common~block_all/rules?ver=13.0.0",
                "isSubcollection": true
            }
        }
    ]
}
Request
GET https://{{big_ip_a_mgmt}}/mgmt/tm/security/firewall/address-list
Headers
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Example Response
Note
A test address list has already been created on the BIG-IP for demonstration purposes.
{
    "kind": "tm:security:firewall:address-list:address-listcollectionstate",
    "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list?ver=13.0.0",
    "items": [
        {
            "kind": "tm:security:firewall:address-list:address-liststate",
            "name": "test_address_list",
            "partition": "Common",
            "fullPath": "/Common/test_address_list",
            "generation": 6326,
            "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list/~Common~test_address_list?ver=13.0.0",
            "addresses": [
                {
                    "name": "1.1.1.1"
                }
            ]
        }
    ]
}
An HTTP POST to the /mgmt/tm/security/firewall/address-list/ endpoint with a body containing the configuration creates an address list that can be used with a firewall policy.
Request
POST https://{{big_ip_a_mgmt}}/mgmt/tm/security/firewall/address-list/
Headers
Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Body
{
    "name": "google-dns_address_list",
    "addresses": [
        {
            "name": "8.8.4.4"
        }
    ]
}
Example Response
Note
Copy the name of the address list (the "name" value in the response below) into the afm_address_list Postman environment variable.
{
    "kind": "tm:security:firewall:address-list:address-liststate",
    "name": "google-dns_address_list",
    "partition": "Common",
    "fullPath": "/Common/google-dns_address_list",
    "generation": 11436,
    "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list/~Common~google-dns_address_list?ver=13.0.0",
    "addresses": [
        {
            "name": "8.8.4.4"
        }
    ]
}
Note
Ensure that the afm_address_list Postman environment variable has been populated with the name of the address list.
Request
GET https://{{big_ip_a_mgmt}}/mgmt/tm/security/firewall/address-list/{{afm_address_list}}
Headers
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Example Response
{
    "kind": "tm:security:firewall:address-list:address-liststate",
    "name": "google-dns_address_list",
    "partition": "Common",
    "fullPath": "/Common/google-dns_address_list",
    "generation": 11436,
    "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list/~Common~google-dns_address_list?ver=13.0.0",
    "addresses": [
        {
            "name": "8.8.4.4"
        }
    ]
}
An HTTP PATCH to the /mgmt/tm/security/firewall/address-list/{{afm_address_list}} endpoint with a body containing all addresses that should exist in the address list will update this collection.
Request
PATCH https://{{big_ip_a_mgmt}}/mgmt/tm/security/firewall/address-list/{{afm_address_list}}
Headers
Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Note
Include the contents of the address list plus the new address(es) to ensure that the contents are not overwritten.
Body
Warning
When patching an address list, be sure to include all addresses (i.e. existing and new) so that the existing entries are not overwritten.
{
    "addresses": [
        {
            "name": "8.8.4.4"
        },
        {
            "name": "8.8.8.8"
        }
    ]
}
Example Response
{
    "kind": "tm:security:firewall:address-list:address-liststate",
    "name": "google-dns_address_list",
    "partition": "Common",
    "fullPath": "/Common/google-dns_address_list",
    "generation": 11436,
    "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list/~Common~google-dns_address_list?ver=13.0.0",
    "addresses": [
        {
            "name": "8.8.4.4"
        },
        {
            "name": "8.8.8.8"
        }
    ]
}
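The PATCH warning above, scripted as a read-merge-write sequence so that an update never drops existing entries. This is an added example, not part of the original lab or F5's own code. Assumptions: the function names, the pluggable `send` transport, and the restriction to single IPs and CIDR networks are choices of this example.

```python
import ipaddress
import json
import urllib.request

BASE = "/mgmt/tm/security/firewall/address-list/"

def merge_addresses(current_state, additions):
    """Build a PATCH body holding every existing address plus the validated new ones."""
    names = [entry["name"] for entry in current_state.get("addresses", [])]
    for addr in additions:
        ipaddress.ip_network(addr, strict=False)  # raises ValueError on a malformed IP/CIDR
        if addr not in names:                     # skip entries already in the list
            names.append(addr)
    return {"addresses": [{"name": n} for n in names]}

def http_send(method, url, token, body=None):
    """Default transport: one iControl REST call authenticated with X-F5-Auth-Token."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("X-F5-Auth-Token", token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:  # certificate verification stays on
        return json.load(resp)

def add_addresses(mgmt_host, token, list_name, additions, send=http_send):
    """GET the list, merge in the additions, then PATCH the complete array back."""
    url = f"https://{mgmt_host}{BASE}{list_name}"
    current = send("GET", url, token)
    body = merge_addresses(current, additions)
    if body["addresses"] == current.get("addresses", []):
        return current  # nothing new, so no write is issued
    return send("PATCH", url, token, body)

# Constructed sample: the GET response shown on this page, trimmed to the relevant keys.
SAMPLE_STATE = {"name": "google-dns_address_list", "addresses": [{"name": "8.8.4.4"}]}

if __name__ == "__main__":
    print(json.dumps(merge_addresses(SAMPLE_STATE, ["8.8.8.8"]), indent=2))
```

Run directly, the script prints the same PATCH body used in the lab step above; validating each entry before the write keeps a typo from landing in a list that a firewall policy references.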