This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
funkylicious
Advisor
‎2020-02-25 01:29 AM

Comparison script of configuration on firewalls

Hello everyone,


I would require your help and knowledge about a script/command that might be out there that can do a comparison of the current configuration of two or more firewalls ( e.g. missing static routes on one member, etc ) in a cluster and or something similar ?


Thanks,

Paul

0 Kudos
8 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-02-25 03:20 AM

Do the following on both firewalls:

[CLISH]# save configuration <Name of Textfile>

(On SMB only, you must use [Expert]# clish -A -i -c "show configuration" -v >> /var/log/config.txt)

--> Transfer the two files to your PC and use an editor for the comparison.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
funkylicious
Advisor
‎2020-02-25 04:57 AM
In response to G_W_Albrecht

Thanks for the input, but I was looking for something more automated that could save the configuration and a comparison of the number of lines or smth similar.

0 Kudos
Vincent_Bacher
Leader Leader
Leader
‎2020-02-25 05:33 AM
In response to funkylicious

Don't think there's something automatic.

You could write your own automatism using shell script from any management server.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Danny
MVP Platinum
MVP Platinum
‎2020-02-25 05:53 AM

Simply use Heiko's gw_mbash script to run a command on all gateways simultaneously and then compare the result via diff.

Daniel_Schlifka
Contributor
‎2020-02-25 03:43 PM
In response to Danny

If you want to use diff you should run sort over it in advance, interestingly line position of certain options might differ between gateways even if the config is equal.

0 Kudos
Daniel_Schlifka
Contributor
‎2020-02-25 06:05 PM
In response to Daniel_Schlifka

hi,

thought i could use this for myself, so here's my python-way. If will give you everything it finds on X but not on Y and vice versa.

you will need python3-napalm and the napalm gaia plugin:

both are available via python package index now

pip install napalm-gaia

you find the script here  https://github.com/remingu/checkmates/blob/master/python_napalm/napalm_cmp_gateway_conf.py 


modify lines on top of the script to your needs

 

 

 

gateway1_ip = ''
gateway1_username = ''
gateway1_password = ''
gateway2_ip = ''
gateway2_username = ''
gateway2_password = ''

 

 

 


(keep quotes as in)

 

 

 

gateway1_ip = 'x.x.x.x'

 

 

 

 

output is parsed to stdout, you can pipe it.

 

 

 

python3 napalm_cmp_gateway_conf.py > results.text

 

 

 

 
hth

0 Kudos
Daniel_Schlifka
Contributor
‎2020-04-19 12:37 AM
In response to Daniel_Schlifka

i added a second variant which checks files locally, no need for napalm. you'll have to fetch the config by yourself.
https://github.com/remingu/checkmates/blob/master/python_napalm/compare_cfg_files_locally.py

usage:

 

./compare_cfg_files_locally.py <configfile1> <configfile2>

 

 

0 Kudos
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2020-04-19 07:45 AM

Hi @funkylicious 

You can also use the following script from me:

Easy Backup Tool - (migrate export + all GAIA configs)

This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup"

- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

Then you can see the differences of the gateway configs on a pc.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events