Re: vsxexport.sh - Export VSX settings and configu...

RickHoppe

Imagine a Life Cycle Management project where you have to upgrade a VSX gateway with new hardware. Imagine a crashed VSX gateway you need to reinstall whether it is on the same or RMA hardware. Imagine you are upgrading a VSX gateway and need to log a baseline with current BGP peering and all routes of all Virtual Systems. Are you in control and do you know which configuration files were added or modified in VS0 or all other Virtual Systems so you can easily add them back?

vsxexport.sh is my attempt to make it all easier. It reached version 1.0 so it was time to release it to the community.

This script will do the following for you:

Detect CoreXL status
Detect Hyper-Threading status
Log current settings of SecureXL affinity
Log current settings of CoreXL affinity
Log current settings of Multi-Queue
Log status of Dynamic Balancing
Log status of SecureXL Fast Accelerator
VS0: Export Clish configuration
VS0: Log information about interfaces
VS0: Search and backup configuration files (see sk101515):
- fwkern.conf
- vpnkern.conf
- simkern.conf
- sim_aff.conf
- fwaffinity.conf (is it customized or default version?)
- fwauthd.conf
- local.arp
- discntd.if
- cpha_bond_ls_config.conf (is it customized or default version?)
- resctr
- vsaffinity_exception.conf (is it customized or default version?)
- qos_policy.C
- trac_client_1.ttm (is it customized or default version?)
- ipassignment.conf
Other VS's: Export Clish configuration (only settings that have to be set with Clish instead of SmartConsole)
- set router-id
- set as
- set bgp
- set routemap
- set igmp
- set pim
- set ospf
- set prefix-list
- set prefix-tree
- set bootp
- set route-redistribution
- add arp
- set max-path-splits
- set inbound-route-filter
- set pbr
Other VS's: Log BGP peers
Other VS's: Log OSPF neighbors
Other VS's: Log current routes
Other VS's: Log route summary
Other VS's: Search and backup configuration files
- local.arp
- cpha_bond_ls_config.conf
Other VS's: Log status of SecureXL Fast Accelerator
Other VS's: Log information about interfaces
Create the file VS-all.config with all Clish parameters of all other VS's which can be used to restore those settings instantly on all VS's after reconfiguring a VSX gateway.
Create a tarball of all files which you can store offline (useful for restore)
Self-update when new version is available in GitHub repository

GitHub repository: https://github.com/Rick-Hoppe/vsxexport

Changelog

0.1 Initial script
0.2 Display status on screen
0.3 Implemented new method to find Virtual System IDs
0.4 Extra Clish commands added to Clish script and added Affinity + Multi-Queue settings
0.5 Modified output format (splitted conf and log files)
0.6 Rewritten backup of VSes other than VS0
0.7 Fix: -i option added to Clish batch command to ignore failures
0.8 Fix: Cleanup temporary files and added "set virtual-system" to export of Clish config per Virtual System
0.8.1 Export Clish config of all Virtual Systems (other than VS0) to VS-all.config
0.9 Added support for 3.10 kernel
0.9.1 Implemented some "QA" fixes before 1.0 release of this script
1.0 Public release 1.0
1.0.1 Output of other Virtual Systems now have same style as output of VS0
1.0.2 Added commands starting with "set prefix-" to export of Clish config per Virtual System
1.0.3 Added commands starting with "set bootp" to export of Clish config per Virtual System
1.0.4 Added commands starting with "set route-redistribution" to export of Clish config per Virtual System
1.0.5 Added commands starting with "add arp" to export of Clish config per Virtual System
Added commands starting with "set max-path-splits" to export of Clish config per Virtual System
Added commands starting with "set inbound-route-filter" to export of Clish config per Virtual System
Added commands starting with "set pbr" to export of Clish config per Virtual System
Minor change in CoreXL status check
1.1 Added self-update mechanism
1.2 Added status of Dynamic Balancing
Added status of SecureXL Fast Accelerator
Log information about interfaces
1.3 Log active proxy ARP entries per Virtual System
1.4 Added commands starting with "set aggregate" to export of Clish config per Virtual System
Log output of cpinfo -y all
Log output of netstat -rn (VS0)

My blog: https://checkpoint.engineer

Danny · ‎2021-01-07

Thanks! I always prefer to have a recent CPInfo file and VS_Conf_Collector.sh output available to be able to view all important files, command outputs and other details of a VSX system in DiagnosticsView.

RickHoppe · ‎2021-01-08

CPInfo contains so much information that for me it's like finding a needle in haystack, which costs more time in the end. I've used the vsxexport script several times when reconfiguring VSX gateways and it saved me a lot of time while preparing for those maintenance windows.

My blog: https://checkpoint.engineer

Danny · ‎2021-01-08

CPInfo indexes all files and command outputs to allow quick searches.

Also it has customizable layouts so you don't have to find the need in a haystack once you customized it for VSX.

_Val_ · ‎2021-01-08

Nice one, Rick!

YuriyAnoshyn · ‎2021-03-05

Great Work!

PS

please correct me. in case using bootp ( dhcp relaying ) - with yours's script information per vs regarding relaying dhcp settings will be missed .

RickHoppe · ‎2021-03-05

Hi @YuriyAnoshyn,

Thanks for the feedback. You are referring to the 'set bootp' commands right? I will include them in the next version. If you know more commands that are not included yet, please do let me know.

My blog: https://checkpoint.engineer

YuriyAnoshyn · ‎2021-03-05

yes. exactly about "set bootp"

RickHoppe · ‎2021-03-05

vsxexport.sh has been updated to v1.0.3 so 'set bootp' is included now. Thanks again!

My blog: https://checkpoint.engineer

Kris_Pellens · ‎2021-07-21

Thank you Rick. This is an excellent tool!

Wille010 · ‎2021-08-15

Great tool Rick, thanks!

Claes_Olsson2 · ‎2021-09-29

Hi,

What a fantastic script you have made! I noticed that it doesn't pick up route-redistributions, though. Is this intentional, or is it possible to add?

Kind regards
Claes

RickHoppe · ‎2021-10-08

Hi @Claes_Olsson2 ,

It was not intentional so I added it to version v1.0.4 which is now available. Thanks for the feedback.

My blog: https://checkpoint.engineer

Jones · ‎2021-10-11

Hi Rick,

Very nice script indeed. I also have and information gathering script. For the per vs information gathering, I would like to suggest to also include "add arp", "set max-path-splits", "set inbound-route-filter" and "set pbr".

Kind Regards,

Eamon Jones

RickHoppe · ‎2021-10-11

Hi Eamon,

Thanks! I've added them to version v1.0.5 which is now available.

My blog: https://checkpoint.engineer

RickHoppe · ‎2021-10-19

Version 1.1 has been published an includes a self-update mechanism. It will check for new versions in the GitHub repository when the script is launched. If a new version is available it will be downloaded, installed, and started. If the check fails for some reason it will display a FAILED message and continues with the rest of the script.

My blog: https://checkpoint.engineer

henryd111 · ‎2021-10-19

set bootp configuration on VS is missing

RickHoppe · ‎2021-10-19

'set bootp' is added since version 1.0.3 and should be backupped if you downloaded version 1.1 today. I've doublechecked it in my lab on R80.40 VSX and 'set bootp' commands in VS1 were backupped successfully.

If it still does not work I need more details about your environment.

My blog: https://checkpoint.engineer

Henryk_Drozd · ‎2021-10-20

Hi Rick,

I was running on VSX R81 from a TACACS authenticated user and the problem was that the script did not change VS when executing the command 'clish -i -f cmd_file'

Widgit · ‎2022-05-19

Hi

Noted some extra config that is not exported -

set aggregate *

set pbr *

Lachlan

israelsc · ‎2024-01-18

Hello!

Thank you very much for sharing this script with the community, it is very valuable information.

Is it possible to add these two additional commands and save them in a text file?

cpinfo -y all > cpinfo_fullcopy_VSX.txt
netstat -rn > routesVSX.txt

Regards!

RickHoppe · ‎2024-01-21

Hi,

vsxexport.sh is updated to v1.4. Thanks for the feedback.

Rick

My blog: https://checkpoint.engineer

israelsc · ‎2024-01-23

Hi @RickHoppe ,
Thank you very much for your attention.

About my last comment I was referring to see if it is possible if the script would do a validation on each of the VS of the firewall and run the command: netstat -rn > routesVSX.txt
And likewise, generate a text file with the routes of each Virtual System. I mean, one file with the routes per VS

If that is done, it would be great.
I plan to use this script for a customer in a maintenance window.

Best regards.

israelsc · ‎2024-02-23

Hello @RickHoppe !!

I hope you are doing well.

About my last comment, have you had a chance to check if you can make this last modification in your script about "save in a text file, the output of the network routes of each VS" ?

I would be very grateful if you could help us with that improvement, because we plan to use your script to take backups of a VSX firewall of a customer.

Best regards.

RickHoppe · ‎2024-02-23

Hi @israelsc,

Each VS directory in the output should already contain a VS[n].log file which contains the output of the 'show route' and 'show route summary' CLISH commands.

Unfortunately I will not continue development of this script. See my explanation for this in my final blog post.

Kind regards,

Rick Hoppe

My blog: https://checkpoint.engineer

israelsc · ‎2024-02-23

Hi Rick,

Thank you very much for the clarification and response.
Thank you for your contribution to the community.

Regards.

jond3rd · ‎2024-05-12

Hi Rick,

This is indeed a pretty useful tool, thank you so much for this.

Just one clarification though, on line 408

echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS$i.clish

is the $i variable by any chance a typo? it looks like it's supposed to read as $HOSTNAME-VS0.clish

jond3rd · ‎2024-05-12

Hi Rick

I've noticed that the output was not exporting the config for any VS other than VS0

With the help of my colleague, we made a couple of changes and in summary, these are what we've done.

it's now working for us.

From:
echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS$i.clish

TO:
echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS0.clish

From:
    echo "set virtual-system $i" >$OUTPUTDIR/VS$i/VS$i.config
    echo "set virtual-system $i" >>$OUTPUTDIR/VS-all.config
To:
    cp $OUTPUTDIR/VS$i/VS$i.tmp $OUTPUTDIR/VS$i/VS$i.config
    echo "set virtual-system $i" >$OUTPUTDIR/VS$i/VS$i.clish
    echo "set virtual-system $i" >>$OUTPUTDIR/VS-all.clish

frankthetank_69 · ‎2024-08-28

Hey Rick,

Great tool, thanks!

would be awesome if in future also could include the following:

show configuration nat-pool / set nat-pool x.x.x.x/x per VS configuration printed in VS-ALL.config

Filters

Sort By

Categories

vsxexport.sh - Export VSX settings and configuration files

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.