Unanswered Question
Nov 4th, 2008

Is there a possibility to read the firewall configuration over snmp and write it down to a tftp server? The customer has two firewallsystems and want to save the configurations daily to a tftp server. He has a linux server to provide the snmp and tftp services. The CSM is too big for this really little problem. For routers and switches exist a solution, named pancho.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cisco24x7 Tue, 11/04/2008 - 06:05

You need to put on the security hat for this.

TFTP is NOT secure. Furthermore, SNMP can not

what you want.

Why not use RANCID to do this? It is secure

and can be done over SSH

maik.behley Thu, 11/06/2008 - 04:53

Thanks, this can be the right solution. I have tested this tool. The first device is polled and i get the config. But the config from the second device i can't get. The server has the ssh right's and the correct password. In the config directory the rancid process create the file but this file has 0 byte. Can you help me?

In the logfile i see the following failure:

IP_ADDRESS clogin error: Error: TIMEOUT reached

IP_ADDRESS missed cmd(s):

Do you have any idea?


cisco24x7 Thu, 11/06/2008 - 05:21

I have to disagree with you on this. Why

pay for something when you can get it for FREE?

RANCID is the best tool, bar NONE. It can even

backup Unix DNS, sendmail configuration and

Checkpoint Secureplatform firewalls. You can

backup >1000 devices with RANCID on either

gentoo or redhat linux box. A very scale


Can Device expert do that?


This Discussion