Export the IPS settings on a locally managed 1100

Niag_Senior · ‎2019-01-19

I need to try and find a way export the IPS settings on a locally managed 1100 running R77.20.80 (990172392). There doesn't appear to be any way via the GUI to export. Perhaps it's possible from the CLI or even via the backup?

Any ideas would be helpful. Thanks.

PhoneBoy · ‎2019-01-20

I imagine it is included in the backup but it’s probably not something you can easily extract.

Pedro_Espindola · ‎2019-01-20

You can use show configuration command and filter for IPS with grep, but the syntax is not perfect to load it back, so you will probably need to do some tweaking like removing unnecessary double-quotes and dashes.

G_W_Albrecht · ‎2019-01-21

The process of using show configuration for config transfer is elaborated here: Configuration transfer between different SMB models

Really, ips settings are the largest part here (6860 lines from 7928), apart from global and special settings consisting of:

# IPS topic view
set threat-prevention ips protection-action-override protection-code "8161769329" override-policy-action "false"

Whole IPS config part is stretching from

# IPS engine settings

to

# IPv6 enforcment settings

G_W_Albrecht · ‎2019-01-21

There maybe another possibility available if we look where the IPS details are stored - the folder /storage/ips includes:

- a file /storage/ips/cmi_loader_sig_ids.conf

- a folder "update" containing:

two config folders, 0 and 1, with two links pointing to them called cur (current) and old

file /storage/ips/update/Version.tmp

file /storage/ips/update/Version

file /storage/ips/update/next_update

file /storage/ips/update/ips_status.C

and the SQL database file /storage/ips/update/ips.db

ips.db can be opened using open source tool as DB Browser for SQLite.

Niag_Senior · ‎2019-01-21

Thank you for these pointers. I'll give this a try and post back.