Checking whether policies are in use.


Describes how you use the REST API to determine if a policy is in use. A policy is in use if a virtual server of specific device has the policy attached to it. A special virtual server called ‘inactive’ can be used to associate a policy to a device without actually using it to secure traffic.

Perform the REST API actions in the following order:

  1. Perform a GET operation to determine the selfLink of a policy.
  2. Perform a GET operation to the virtual-servers collection with a filter to find if any virtual servers are using that policy.

REST API actions.

Perform a GET operation on the virtual-servers collection, filtering the results by attachedPoliciesReferences field to retrieve virtual servers that are using the policy that was retrieved above in step #1 of the example.

GET https://<mgmtip>/mgmt/cm/asm/working-config/virtual-servers?$filter=attachedPoliciesReferences/link eq 'https://localhost/mgmt/cm/asm/working-config/policies/1005831c-7e40-30ed-bd0d-f8068526d7ef'

The following is the JSON response from the GET operation when one virtual server is using it:

    "selfLink": "https://localhost/mgmt/cm/asm/working-config/virtual-servers",
    "totalItems": 1,
    "items": [
            "address": "",
            "asmEnabled": true,
            "attachedPoliciesReferences": [
                    "id": "1005831c-7e40-30ed-bd0d-f8068526d7ef",
                    "name": "Policy_1",
                    "kind": "cm:asm:working-config:policies:policystate",
                    "partition": "Common",
                    "link": "https://localhost/mgmt/cm/asm/working-config/policies/1005831c-7e40-30ed-bd0d-f8068526d7ef"
            "deviceReference": {
                "id": "c1444144-11e7-47e6-8e91-eaa913826a7f",
                "name": "",
                "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
                "machineId": "c1444144-11e7-47e6-8e91-eaa913826a7f",
                "link": "https://localhost/mgmt/shared/resolver/device-groups/cm-asm-allAsmDevices/devices/c1444144-11e7-47e6-8e91-eaa913826a7f"
            "generation": 3,
            "hasAttachedPolicies": true,
            "id": "fc4cb3cf-b2d8-378a-8a64-07a27e60316c",
            "isAdvanced": false,
            "isInactivePoliciesHolder": false,
            "kind": "cm:asm:working-config:virtual-servers:asmvirtualserverstate",
            "lastUpdateMicros": 1479388471920145,
            "mirror": "disabled",
            "name": "Virtual_1",
            "partition": "Common",
            "selfLink": "https://localhost/mgmt/cm/asm/working-config/virtual-servers/fc4cb3cf-b2d8-378a-8a64-07a27e60316c"
    "generation": 8,
    "kind": "cm:asm:working-config:virtual-servers:asmvirtualservercollectionstate",
    "lastUpdateMicros": 1479388471928975

When no such virtual servers exist, the response would be:

    "selfLink": "https://localhost/mgmt/cm/asm/working-config/virtual-servers",
    "totalItems": 0,
    "items": [],
    "generation": 8,
    "kind": "cm:asm:working-config:virtual-servers:asmvirtualservercollectionstate",
    "lastUpdateMicros": 1479388471928975

Note - to determine the list of all policies that are in use, perform a GET operation to the policies collection and repeat the operations shown here for each policy.

