Today I spent some time writing an automatic audit tool to crosscheck various configuration parameters within F5's Application Security Manager on their BIG-IP load balancer.
In addition to the daily config change diffs, which are monitored in Subversion, IPv6 typos are now reported, missing iRules for certain services are detected, and the assigned ASM policies per vServer and the assigned certificates are checked.
Expiration times of SSL certificates are also reported, amongst a few other things.
Very useful now.
This should have been done within the box itself.