Re: SNMP ASA / PIX

maik.behley · ‎11-04-2008

Is there a possibility to read the firewall configuration over snmp and write it down to a tftp server? The customer has two firewallsystems and want to save the configurations daily to a tftp server. He has a linux server to provide the snmp and tftp services. The CSM is too big for this really little problem. For routers and switches exist a solution, named pancho.

cisco24x7 · ‎11-04-2008

You need to put on the security hat for this.

TFTP is NOT secure. Furthermore, SNMP can not

what you want.

Why not use RANCID to do this? It is secure

and can be done over SSH

maik.behley · ‎11-06-2008

Thanks, this can be the right solution. I have tested this tool. The first device is polled and i get the config. But the config from the second device i can't get. The server has the ssh right's and the correct password. In the config directory the rancid process create the file name.new but this file has 0 byte. Can you help me?

In the logfile i see the following failure:

IP_ADDRESS clogin error: Error: TIMEOUT reached

IP_ADDRESS missed cmd(s):

Do you have any idea?

Thanks!

joeduea67 · ‎11-04-2008

Depending on how many devices you are looking to backup I would suggest a product called Device Expert. We purchased it about a year ago and it works great.

It is very reasonably priced as well, $795.00 for up to 25 devices. It has alot of very nice features as well.

http://manageengine.adventnet.com/products/device-expert/

Thanks,

Joe

cisco24x7 · ‎11-06-2008

I have to disagree with you on this. Why

pay for something when you can get it for FREE?

RANCID is the best tool, bar NONE. It can even

backup Unix DNS, sendmail configuration and

Checkpoint Secureplatform firewalls. You can

backup >1000 devices with RANCID on either

gentoo or redhat linux box. A very scale

solution.

Can Device expert do that?