Hello All,
As I've looked into working our F5 LTM configurations into the Compliance Policy Reports module, I've noticed a behavior that I haven't been able to account for. I'm hoping to get some insight into any workarounds anyone might have found.
The core of the issue is that the bigip.conf configuration file is stored as the Running configuration and the bigip_base.conf configuration file is stored as the Startup configuration. These configurations might overlap slightly, but they are NOT the same. This is a departure from the general NCM line of thinking, where the assumption is that a Running config that differs from a Startup config is assumed to be in conflict.
The problem trickles into the Compliance Policy Reports because I haven't found a way to explicitly define which configuration a rule references. It seems to just prefer the most recent Startup config if one exists. This means that if you want to have a rule that looks for something in bigip.conf, then you're out of luck.
Has anyone been able to address this issue? Thanks in advance,
-Frank