Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Etheldra_Freder
Collaborator

Pulling the interface for multiple Firewalls (vlan) from

I need to verify if a VLAN exists on multiple firewalls. Is there a way I can run this from one location (MDS (CLI) or MDS (dashboard), etc.

Please let me know. Thank you.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

I bastardized my old inventory script to do that Smiley Happy since it's using cprid it will be slow but it will fetch all gateways itself from all domains and print out gateway name, relevant interface with VLAN and VS number for VSX, for example VLAN 1000

#!/bin/bash
. /opt/CPshared/5.0/tmp/.CPprofile.sh

if [ -f logfile ]; then rm logfile; fi

for CMA_NAME in $($MDSVERUTIL AllCMAs); do mdsenv $CMA_NAME; echo "CMA $CMA_NAME"; cpmiquerybin attr "" network_objects " (type='cluster_member' & vsx_cluster_member='true' & vs_cluster_member='true') | (type='cluster_member' & (! vs_cluster_member='true')) | (vsx_netobj='true') | (type='gateway'&cp_products_installed='true' & (! vs_netobj='true') & connection_state='communicating')" -a __name__,ipaddr; done 1>> logfile 2>> logfile


while read line; do

   if [ `echo "$line" | grep -c ^CMA` -gt 0 ]; then

      CMA_NAME=`echo "$line" | awk '{print $2}'`
      mdsenv $CMA_NAME

   else
      GW=`echo "$line" | awk '{print $1}'`
      IP=`echo "$line" | awk '{print $2}'`

      VLAN=`$CPDIR/bin/cprid_util -server $IP -verbose rexec -rcmd bash -c "grep ^interface /config/active" |       grep ".$1:" | awk -F: '{print $2}' | tail -1`
      VS=`$CPDIR/bin/cprid_util -server $IP -verbose rexec -rcmd bash -c "grep ^interface /config/active" |       grep ".$1:" | grep instance | awk '{print "VS-"$2}'`
      echo -e "$GW\t$VLAN\t$VS"

   fi

done < logfile

0 Kudos
Etheldra_Freder
Collaborator

Thanks Kaspars, I wll try this.

Freddie

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events