Copy/Duplicate WAF Profile Relaxation Rules to a different WAF Profile on same ADC

[Dave Richard]

I'd like to know if there is a way to copy or duplicate the relaxation rules from one WAF profile to another on the same ADC.  I would need a way to have the server name in the relaxation rules updated to a different server name, but the rest of the relaxation rule can stay the same as the original rule.  We have a dev, test, and prod server that I want to duplicate all relaxation rules on.  Is this possible?....if so, how can this be done?

 

Thanks!

Dave

[Rhonda Rowland1709152125]

No easy way, beyond getting the profile1 commands raw, modifying, and then using them to make profile2.

The profile export may HELP, but you can't import as a new instance using the import command on the same adc (at least in my testing, I couldn't get it to work -- but I didn't spend a lot of time finessing the commands either).

 

Using the profile export:

Select the profile you want and then under Actions, choose export.

Extract the export archive locally and you should see your commands files:  relaxation_rules.txt and showcmds.txt and other dependent files.

 

Then, you can then rename  the profiles/policies what you need to and then adjust any fqdns in the relaxations as needed.

Backup config first to make it easy to undo changes and then  run the commands as a batch commands in ssh to add a new profile config into the system with new profile name and changed values.

I have not been able to re-tar the modified files and use the import to make a new copy successfully at this point.

 

NOTE:

However, if you run commands as straight cli commands you will also have to modify all the rules so that any ? is replaced with \? or you will be missing every ? in every expression.

Because the "?" is not entered unless escaped in the cli...

 

Back in the java days, you actually could highlight an existing profile and click ADD to make a copy of the old profile as the start of a new one.  However, in the HTML5 gui, it won't copy the settings as you still have to choose the profile type and you end up with a default profiel and not a copy of the one you selected.

So the best option is to convert the appfw rules you want to cli, modify, and then paste in. Whether you grab these from the running config OR using the export command depends on what might be easier for you.