Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Comparison script of configuration on firewalls

Hello everyone,


I would require your help and knowledge about a script/command that might be out there that can do a comparison of the current configuration of two or more firewalls ( e.g. missing static routes on one member, etc ) in a cluster and or something similar ?


Thanks,

Paul

0 Kudos
8 Replies
Highlighted
Sapphire

Do the following on both firewalls:

[CLISH]# save configuration <Name of Textfile>

(On SMB only, you must use [Expert]# clish -A -i -c "show configuration" -v >> /var/log/config.txt)

--> Transfer the two files to your PC and use an editor for the comparison.

0 Kudos
Highlighted

Thanks for the input, but I was looking for something more automated that could save the configuration and a comparison of the number of lines or smth similar.

0 Kudos
Highlighted

Don't think there's something automatic.

You could write your own automatism using shell script from any management server.

and now to something completely different
0 Kudos
Highlighted
Pearl

Simply use Heiko's gw_mbash script to run a command on all gateways simultaneously and then compare the result via diff.

Highlighted

If you want to use diff you should run sort over it in advance, interestingly line position of certain options might differ between gateways even if the config is equal.

0 Kudos
Highlighted

hi,

thought i could use this for myself, so here's my python-way. If will give you everything it finds on X but not on Y and vice versa.

you will need python3-napalm and the napalm gaia plugin:

both are available via python package index now

pip install napalm-gaia

you find the script here  https://github.com/remingu/checkmates/blob/master/python_napalm/napalm_cmp_gateway_conf.py 


modify lines on top of the script to your needs

 

 

 

gateway1_ip = ''
gateway1_username = ''
gateway1_password = ''
gateway2_ip = ''
gateway2_username = ''
gateway2_password = ''

 

 

 


(keep quotes as in)

 

 

 

gateway1_ip = 'x.x.x.x'

 

 

 

 

output is parsed to stdout, you can pipe it.

 

 

 

python3 napalm_cmp_gateway_conf.py > results.text

 

 

 

 
hth

0 Kudos
Highlighted

i added a second variant which checks files locally, no need for napalm. you'll have to fetch the config by yourself.
https://github.com/remingu/checkmates/blob/master/python_napalm/compare_cfg_files_locally.py

usage:

 

./compare_cfg_files_locally.py <configfile1> <configfile2>

 

 

0 Kudos
Highlighted

Hi @funkylicious 

You can also use the following script from me:

Easy Backup Tool - (migrate export + all GAIA configs)

This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup"

- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

Then you can see the differences of the gateway configs on a pc.

Tags (1)
0 Kudos