The option to export the entire profile configuration and then import it into another appliance can be useful in various use cases. For example, you might want to configure an application firewall profile in a test bed set-up to test and validate that it is working as expected. Once you are satisfied, you can export the profile and import the profile configuration to your production NetScaler appliances. This functionality is also useful for backing up your configuration. You can export the profile before making changes, so that you can easily roll back the configuration to a known state if necessary.
Application firewall profiles that are exported and archived from one build cannot be restored to a system running a different build, because changes introduced in the newer releases can lead to compatibility issues. If you attempt to restore an archived profile to a different build than the one from which it was exported, an error message is logged in ns.log.
The export and import profile functionality is available in both the configuration utility (GUI) and the command line interface (CLI). The configuration utility is recommended, because it offers easy to use Action options. With a click of a button you can Export or Import the entire configuration of a profile.
If you use CLI to export a profile, you must archive the configuration and then export it. To import a profile, you must import the archive into the NetScaler appliance and then execute the restore command to extract the configuration. The following set of CLI commands can be used for exporting, importing and managing the profile configurations.
CLI commands to export archives:
CLI commands to import archives:
CLI commands to manage archives:
Exporting a profile from one appliance and importing it to another requires five steps in CLI. The first 3 steps are performed on the source appliance on which profile configuration is originally created, and the next 2 steps are performed on the target appliance on which the profile configuration is to be replicated.
Export profile from the source NetScaler appliance:
Step 1: Create an archive of the configured profile.
Step 2: Export the archive to the NetScaler file system.
Step 3: Use a file transfer utility such as scp to transfer the exported archive file from NetScaler appliance A to the target NetScaler appliance.
Import profile to the target NetScaler appliance:
Step 4: Execute the import command to import the archived file. You can import the archive from your NetScaler’s local file system, or you can use HTTP or HTTPS protocol to import the archive from a server by using the URL.
Step 5: Execute the restore command to restore the profile configuration from the imported archive
To export an application firewall profile by using the command line interface
First, archive the profile’s configuration, and then export the archive to a target location. At the command prompt, type the following commands:
archive appfw profile <profileName> <archiveName>
Execution of the above command creates 2 instances of the archive file. One in /var/tmp folder and another in the /var/archive/appfw folder.
export appfw archive <archiveName> <target>
Execution of the export command saves the exported archive file on the file system of your NetScaler appliance in the /var/tmp folder.
> archive appfw profile test_pr archived_test_pr
> export appfw archive archived_test_pr local:dutA_test_pr
After the above two commands are executed, the /var/tmp folder contains the archived_test_pr file and the exported copy, dutA_test_pr, which are identical in size. From the CLI, you can drop into the shell to navigate to the folder to verify that these files are there.
After exporting the archive file, you can use scp or some other such file transfer utility to transfer a copy of the archive file from the NetScaler appliance on which they were created to your target NetScaler appliance.
After you have successfully scp’d the archived file from the source appliance to the target appliance, you are ready to import the profile’s archive, and then execute the restore command to replicate the profile’s configuration on the target appliance.
Log onto the target appliance. Drop into the shell and cd to the /var/tmp folder to verify that the size of the scp’d file on this appliance matches the size of the original archived file on the source appliance. Exit the shell to return to the command line.
To import a profile by using the CLI
At the command prompt, type the following commands:
import appfw archive <src> <name> [-comment <string>]
restore appfw profile <archiveName>
A. Import from local file followed by restore
> import appfw archive local:dutA_test_pr dut2_test_pr
> restore appfw profile dut2_test_pr
B. Import from URL followed by restore
> import appfw archive http://10.217.30.16/FFC/Profile_ImportExport/dutA_test_pr.tgz my_archive
> restore appfw profile my_archive
This example restores the test_pr profile along with all bound objects (such as signatures, html error page, relaxation rules and so on) on the target NetScaler appliance.
You can use the following CLI commands to access man pages for additional details.
The configuration utility (GUI) is easier to use than the CLI. The utility performs both archive and export operations when you click Export. Similarly it executes both import and restore when you click Import. The configuration utility can access the local file system of the computer from which you access the utility. You can export a copy of the archive and save it on your local computer. You can then import this copy directly in the target appliance without having to manually transfer the archive file from one appliance to the other(s).
To export an application firewall profile by using the configuration utility
To import an application firewall profile by using the configuration utility
URL: You can choose to import an archive by specifying a URL. When this option is selected, you must provide an absolute path for the archived file in the URL input box.
File: You can choose to import an archive from the local File. When this option is selected, a Local File selection field is displayed. You can browse your computer’s local files to select the target archive file.
Click Create to import the specified archive. Successful completion of the import operation creates the profile configuration on the target appliance.