Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Exporting a DDoS Profile

Hi, I have a DDoS profile in my Test environment which I want to export so I can import it into our Production Environment. Is this possible?

Recreating the DDoS profile in production is simple enough however we have a third party manage our Production Systems so it would be easier to have them import my policy. Thank you in advance as always.

Regards

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi, maybe you first list the DDoS profile to a file (or simply take the screen output) then merge it in the production config, like this way:

On test environment bash:
tmsh list security dos profile myddos_profile_name > /var/tmp/merge.conf

cat /var/tmp/merge.conf

security dos profile myddos_profile_name {
    app-service none
    application {
        myddos_profile_name {
            captcha-response {
                failure {
                    body "You have entered an invalid answer for the question. Please, try again.
<br>
%DOSL7.captcha.image% %DOSL7.captcha.change%
<br>
<b>What code is in the image\?</b>
%DOSL7.captcha.solution%
<br>
%DOSL7.captcha.submit%"
                }
                first {
                    body "This question is for testing whether you are a human visitor and to prevent automated spam submission.
<br>
%DOSL7.captcha.image% %DOSL7.captcha.change%
<br>
<b>What code is in the image\?</b>
%DOSL7.captcha.solution%
<br>
%DOSL7.captcha.submit%"
                }
            }
            ip-whitelist {
                107.162.0.0/21 { }
            }
            latency-based {
                mode transparent
            }
            tps-based {
                ip-minimum-tps 60
                mode transparent
            }
        }
    }
}

On production environment bash:
tmsh load sys config merge file /var/tmp/merge.conf verify

If no errors found, then:
tmsh load sys config merge file /var/tmp/merge.conf

If you need to include all default or non-changed properties, run:
tmsh list security dos profile myddos_profile_name all-properties > /var/tmp/merge.conf

I hope it helps.
Regards

2
Comments on this Answer
Comment made 25-Feb-2017 by jaikumar_f5 1929

On test env --> /var/tmp/merge.conf --> this is export. You scp that file to prod and merge it, which can be called import. tmsh load sys config merge file /var/tmp/merge.conf verify

0
Comment made 26-Feb-2017 by cjunior 1819

Yep, but don't forget to run removing "verify" argument to effective the load when no errors are found.
Cheers.

0
Comment made 26-Feb-2017 by saidshow 332

Thanks guys! Cjunior, thanks for the details. I'll export from TEST and try the import in my Lab environment first before passing the details on for Production.

Jaikumar_f5 - I was pleased and surprised to have you comment on one of my questions. You performed our Production Upgrades expertly a few months ago. Cheers Chris.

0
Comment made 27-Feb-2017 by saidshow 332

Thanks again guys. I have just given this a try in my lab and went along perfectly.

1