cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Pulling the interface for multiple Firewalls (vlan) from

I need to verify if a VLAN exists on multiple firewalls. Is there a way I can run this from one location (MDS (CLI) or MDS (dashboard), etc.

Please let me know. Thank you.

0 Kudos
3 Replies
Admin
Admin

Re: Pulling the interface for multiple Firewalls (vlan) from

Something like:  

0 Kudos

Re: Pulling the interface for multiple Firewalls (vlan) from

I bastardized my old inventory script to do that Smiley Happy since it's using cprid it will be slow but it will fetch all gateways itself from all domains and print out gateway name, relevant interface with VLAN and VS number for VSX, for example VLAN 1000

#!/bin/bash
. /opt/CPshared/5.0/tmp/.CPprofile.sh

if [ -f logfile ]; then rm logfile; fi

for CMA_NAME in $($MDSVERUTIL AllCMAs); do mdsenv $CMA_NAME; echo "CMA $CMA_NAME"; cpmiquerybin attr "" network_objects " (type='cluster_member' & vsx_cluster_member='true' & vs_cluster_member='true') | (type='cluster_member' & (! vs_cluster_member='true')) | (vsx_netobj='true') | (type='gateway'&cp_products_installed='true' & (! vs_netobj='true') & connection_state='communicating')" -a __name__,ipaddr; done 1>> logfile 2>> logfile


while read line; do

   if [ `echo "$line" | grep -c ^CMA` -gt 0 ]; then

      CMA_NAME=`echo "$line" | awk '{print $2}'`
      mdsenv $CMA_NAME

   else
      GW=`echo "$line" | awk '{print $1}'`
      IP=`echo "$line" | awk '{print $2}'`

      VLAN=`$CPDIR/bin/cprid_util -server $IP -verbose rexec -rcmd bash -c "grep ^interface /config/active" |       grep ".$1:" | awk -F: '{print $2}' | tail -1`
      VS=`$CPDIR/bin/cprid_util -server $IP -verbose rexec -rcmd bash -c "grep ^interface /config/active" |       grep ".$1:" | grep instance | awk '{print "VS-"$2}'`
      echo -e "$GW\t$VLAN\t$VS"

   fi

done < logfile

0 Kudos

Re: Pulling the interface for multiple Firewalls (vlan) from

Thanks Kaspars, I wll try this.

Freddie