CirrostratusHi, I have a DDoS profile in my Test environment which I want to export so I can import it into our Production Environment. Is this possible?
Recreating the DDoS profile in production is simple enough however we have a third party manage our Production Systems so it would be easier to have them import my policy. Thank you in advance as always.
Regards
NacreousHi, maybe you first list the DDoS profile to a file (or simply take the screen output) then merge it in the production config, like this way:
On test environment bash:
tmsh list security dos profile myddos_profile_name > /var/tmp/merge.conf
cat /var/tmp/merge.conf
security dos profile myddos_profile_name {
app-service none
application {
myddos_profile_name {
captcha-response {
failure {
body "You have entered an invalid answer for the question. Please, try again.
%DOSL7.captcha.image% %DOSL7.captcha.change%
What code is in the image\?
%DOSL7.captcha.solution%
%DOSL7.captcha.submit%"
}
first {
body "This question is for testing whether you are a human visitor and to prevent automated spam submission.
%DOSL7.captcha.image% %DOSL7.captcha.change%
What code is in the image\?
%DOSL7.captcha.solution%
%DOSL7.captcha.submit%"
}
}
ip-whitelist {
107.162.0.0/21 { }
}
latency-based {
mode transparent
}
tps-based {
ip-minimum-tps 60
mode transparent
}
}
}
}
On production environment bash:
tmsh load sys config merge file /var/tmp/merge.conf verify
If no errors found, then:
tmsh load sys config merge file /var/tmp/merge.conf
If you need to include all default or non-changed properties, run:
tmsh list security dos profile myddos_profile_name all-properties > /var/tmp/merge.conf
I hope it helps.
Regards