Create a Post
Showing results for 
Search instead for 
Did you mean: 

Comparison script of configuration on firewalls

Hello everyone,

I would require your help and knowledge about a script/command that might be out there that can do a comparison of the current configuration of two or more firewalls ( e.g. missing static routes on one member, etc ) in a cluster and or something similar ?



0 Kudos
8 Replies

Do the following on both firewalls:

[CLISH]# save configuration <Name of Textfile>

(On SMB only, you must use [Expert]# clish -A -i -c "show configuration" -v >> /var/log/config.txt)

--> Transfer the two files to your PC and use an editor for the comparison.

0 Kudos

Thanks for the input, but I was looking for something more automated that could save the configuration and a comparison of the number of lines or smth similar.

0 Kudos

Don't think there's something automatic.

You could write your own automatism using shell script from any management server.

and now to something completely different
0 Kudos

Simply use Heiko's gw_mbash script to run a command on all gateways simultaneously and then compare the result via diff.


If you want to use diff you should run sort over it in advance, interestingly line position of certain options might differ between gateways even if the config is equal.

0 Kudos


thought i could use this for myself, so here's my python-way. If will give you everything it finds on X but not on Y and vice versa.

you will need python3-napalm and the napalm gaia plugin:

both are available via python package index now

pip install napalm-gaia

you find the script here 

modify lines on top of the script to your needs




gateway1_ip = ''
gateway1_username = ''
gateway1_password = ''
gateway2_ip = ''
gateway2_username = ''
gateway2_password = ''




(keep quotes as in)




gateway1_ip = 'x.x.x.x'





output is parsed to stdout, you can pipe it.




python3 > results.text





0 Kudos

i added a second variant which checks files locally, no need for napalm. you'll have to fetch the config by yourself.



./ <configfile1> <configfile2>



0 Kudos

Hi @funkylicious 

You can also use the following script from me:

Easy Backup Tool - (migrate export + all GAIA configs)

This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup"

- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

Then you can see the differences of the gateway configs on a pc.

Tags (1)
0 Kudos