Re: Pix config backup

dharp · ‎08-28-2002

What methods are people using to automatically backup PIX configs? I'm putting together a script to SSH to the PIX and issue a 'write net' to a predefined tftp server. However, this is difficult and there are some issues in doing this.

What are others doing?

gfullage · ‎09-02-2002

What you're doing is probably the best way, there's really not many ways to do it. Keep in mind that when you do a "write net" I believe the config is sent in the clear over the network , regardless of whether the "write net" was issued via an SSH or a Telnet session. I wouldn't recommend doing this to an external TFTP server.

Really there's not many people doing this, at least not what I've heard. The new PIX Management Console due out soon will allow you to do this more securely, but you probably don't want to spend 000's of dollars just for that.

You could also use PDM to get the config, although it's not automatic it is more secure cause the config will be transferred over the https:// connection.

apaxson · ‎09-04-2002

I just connect to my firewall, do a copy, and paste it into a document on a secured server. If you have to restore your config, then all you have to do is copy the config again, and paste it into the command line.

If you do it via SSH, then your security is only as good as your server you store it on.

Thoughts, comments?

<>>

Ooops, sorry ... I didn't see the part of "automatically". This wouldn't work too well. My apologies

ejaj · ‎09-18-2002

To do tftp from a pix, you need tftp server at inside interface. Then do tftp as usual.

--ejaj

dharp · ‎09-18-2002

The point here is to do this AUTOMATICALLY.