What methods are people using to automatically backup PIX configs? I'm putting together a script to SSH to the PIX and issue a 'write net' to a predefined tftp server. However, this is difficult and there are some issues in doing this.
What you're doing is probably the best way, there's really not many ways to do it. Keep in mind that when you do a "write net" I believe the config is sent in the clear over the network , regardless of whether the "write net" was issued via an SSH or a Telnet session. I wouldn't recommend doing this to an external TFTP server.
Really there's not many people doing this, at least not what I've heard. The new PIX Management Console due out soon will allow you to do this more securely, but you probably don't want to spend 000's of dollars just for that.
You could also use PDM to get the config, although it's not automatic it is more secure cause the config will be transferred over the https:// connection.
I just connect to my firewall, do a copy, and paste it into a document on a secured server. If you have to restore your config, then all you have to do is copy the config again, and paste it into the command line.
If you do it via SSH, then your security is only as good as your server you store it on.
Ooops, sorry ... I didn't see the part of "automatically". This wouldn't work too well. My apologies
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...