F5 BIG-IQ Centralized Management Lab > BIG-IQ All Labs > Class 7: BIG-IQ Application Firewall Manager > Module 2: Network Tools and Logs Source | Edit on
Lab 2.3: Using BIG-IQ to Make Wide-Scale Changes to AFM Device DOS Profiles¶
Note
Estimated time to complete: 10 minutes
Prior to BIG-IQ 6.0.1, AFM Device Dos Profile could be managed centrally using BIG-IQ. However, BIG-IQ still required that each profile was managed and deployed individually. In the latest release, BIG-IQ added the ability to edit device dos profiles across multiple devices from a single profile by supporting a “copy-to” functionality. This still doesn’t allow for editing of individual fields in the configuration, and then pushing to many devices. However, does provide ability to make changes to one profile, and copy broadly to many devices. In this lab, we will work with this new feature.
Note
All steps in this lab will be completed using the persona Larry.
Note
The multi-device device dos feature requires that source and target BIG-IP’s are running the same version of TMOS. Also, BIG-IQ will not allow you to deploy DOS configurations to an individual member of device group. The lab environment available has only two BIG-IPs running the same version of TMOS, and they are in an HA pair. In below steps, we will walk through what is required to leverage the multi-device device dos edit feature, but will not actually deploy the changes.
Lab environment access¶
If you have not yet visited the page Getting Started, please do so.
Deploy Device DOS Configurations to Multiple Systems on Single Push¶
Under the Configuration > Shared Security > DoS Protection, click *Device DoS Configurations
Click the checkbox next to
BOS-vBIGIP01
and click the Copy button on top of pageMove
BOS-vBIGIP02
from Available box to selected box, and click OkOnce the copy has been completed. We will still need to execute a deployment for all devices targeted via the copy operation.
Under Deployment > Evaluate & Deploy > Network Security, click the Create button under Evaluations
Complete the evaluation as outlined below: - Name:
device_dos_copy
- Source:Current Changes
- Source Scope:All Changes
- Unused Objects:Remove Unused Objects
- Target Devices:BOS-vBIGIP01
,BOS-vBIGIP02
Click Create
Once evaluation has completed, you can verify the Shared Security changes if desired.
Select completed evaluation, and click Deploy