vsxexport.sh - Export VSX settings and configuration files
Imagine a Life Cycle Management project where you have to upgrade a VSX gateway with new hardware. Imagine a crashed VSX gateway you need to reinstall whether it is on the same or RMA hardware. Imagine you are upgrading a VSX gateway and need to log a baseline with current BGP peering and all routes of all Virtual Systems. Are you in control and do you know which configuration files were added or modified in VS0 or all other Virtual Systems so you can easily add them back?
vsxexport.sh is my attempt to make it all easier. It reached version 1.0 so it was time to release it to the community.
This script will do the following for you:
- Detect CoreXL status
- Detect Hyper-Threading status
- Log current settings of SecureXL affinity
- Log current settings of CoreXL affinity
- Log current settings of Multi-Queue
- Log status of Dynamic Balancing
- Log status of SecureXL Fast Accelerator
- VS0: Export Clish configuration
- VS0: Log information about interfaces
- VS0: Search and backup configuration files (see sk101515):
  - fwkern.conf
  - vpnkern.conf
  - simkern.conf
  - sim_aff.conf
  - fwaffinity.conf (is it customized or default version?)
  - fwauthd.conf
  - local.arp
  - discntd.if
  - cpha_bond_ls_config.conf (is it customized or default version?)
  - resctr
  - vsaffinity_exception.conf (is it customized or default version?)
  - qos_policy.C
  - trac_client_1.ttm (is it customized or default version?)
  - ipassignment.conf
- Other VS's: Export Clish configuration (only settings that have to be set with Clish instead of SmartConsole)
  - set router-id
  - set as
  - set bgp
  - set routemap
  - set igmp
  - set pim
  - set ospf
  - set prefix-list
  - set prefix-tree
  - set bootp
  - set route-redistribution
  - add arp
  - set max-path-splits
  - set inbound-route-filter
  - set pbr
- Other VS's: Log BGP peers
- Other VS's: Log OSPF neighbors
- Other VS's: Log current routes
- Other VS's: Log route summary
- Other VS's: Search and backup configuration files
  - local.arp
  - cpha_bond_ls_config.conf
- Other VS's: Log status of SecureXL Fast Accelerator
- Other VS's: Log information about interfaces
- Create the file VS-all.config with all Clish parameters of all other VS's which can be used to restore those settings instantly on all VS's after reconfiguring a VSX gateway.
- Create a tarball of all files which you can store offline (useful for restore)
- Self-update when new version is available in GitHub repository
GitHub repository: https://github.com/Rick-Hoppe/vsxexport
Changelog
0.1 Initial script
0.2 Display status on screen
0.3 Implemented new method to find Virtual System IDs
0.4 Extra Clish commands added to Clish script and added Affinity + Multi-Queue settings
0.5 Modified output format (split conf and log files)
0.6 Rewritten backup of VSes other than VS0
0.7 Fix: -i option added to Clish batch command to ignore failures
0.8 Fix: Cleanup temporary files and added "set virtual-system" to export of Clish config per Virtual System
0.8.1 Export Clish config of all Virtual Systems (other than VS0) to VS-all.config
0.9 Added support for 3.10 kernel
0.9.1 Implemented some "QA" fixes before 1.0 release of this script
1.0 Public release 1.0
1.0.1 Output of other Virtual Systems now have same style as output of VS0
1.0.2 Added commands starting with "set prefix-" to export of Clish config per Virtual System
1.0.3 Added commands starting with "set bootp" to export of Clish config per Virtual System
1.0.4 Added commands starting with "set route-redistribution" to export of Clish config per Virtual System
1.0.5 Added commands starting with "add arp" to export of Clish config per Virtual System
      Added commands starting with "set max-path-splits" to export of Clish config per Virtual System
      Added commands starting with "set inbound-route-filter" to export of Clish config per Virtual System
      Added commands starting with "set pbr" to export of Clish config per Virtual System
      Minor change in CoreXL status check
1.1 Added self-update mechanism
1.2 Added status of Dynamic Balancing
    Added status of SecureXL Fast Accelerator
    Log information about interfaces
1.3 Log active proxy ARP entries per Virtual System
1.4 Added commands starting with "set aggregate" to export of Clish config per Virtual System
    Log output of cpinfo -y all
    Log output of netstat -rn (VS0)
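
As an added example (not code from vsxexport.sh), the per-VS export in the feature list can be sketched as a filter that keeps only the listed Clish command prefixes, starts each block with "set virtual-system", and concatenates the results into VS-all.config. The `VS<n>.full` input files, the function names and the sample configuration lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added illustration, not code from vsxexport.sh.
# Command prefixes from the feature list: settings restored per VS via Clish.
PREFIXES='set router-id|set as|set bgp|set routemap|set igmp|set pim|set ospf|set prefix-list|set prefix-tree|set bootp|set route-redistribution|add arp|set max-path-splits|set inbound-route-filter|set pbr'

# filter_vs_config VSID: read a full Clish config on stdin and print the
# "set virtual-system" header plus only the lines matching a listed prefix.
filter_vs_config() {
    case $1 in ''|*[!0-9]*) echo "invalid VS id: $1" >&2; return 2 ;; esac
    printf 'set virtual-system %s\n' "$1"
    # A space or end of line must follow the prefix, so "set as" matches only
    # the AS command itself and not a longer keyword that begins with "as".
    grep -E "^(${PREFIXES})( |\$)" || true    # no matching line is not an error
}

# build_vs_all DIR: for every DIR/VS<n>/VS<n>.full (hypothetical input name)
# write DIR/VS<n>/VS<n>.config and rebuild DIR/VS-all.config in numeric order.
build_vs_all() {
    local dir=$1 id f
    : > "$dir/VS-all.config"                  # truncate once, then append
    for id in $(printf '%s\n' "$dir"/VS[0-9]*/ |
                sed -n 's|.*/VS\([0-9][0-9]*\)/$|\1|p' | sort -n); do
        [ "$id" -eq 0 ] && continue           # VS0 is exported separately
        f="$dir/VS$id/VS$id.full"
        [ -r "$f" ] || continue
        filter_vs_config "$id" < "$f" > "$dir/VS$id/VS$id.config"
        cat "$dir/VS$id/VS$id.config" >> "$dir/VS-all.config"
    done
}

# Constructed sample data: two Virtual Systems with mixed settings.
make_sample() {
    mkdir -p "$1/VS2" "$1/VS10"
    printf '%s\n' 'set hostname lab-vsx' 'set as 65010' \
        'set bgp external remote-as 65020 on' \
        'set bootp interface eth1 relay-to 192.0.2.53 on' \
        'set interface eth1 state on' > "$1/VS10/VS10.full"
    printf '%s\n' 'set router-id 192.0.2.2' \
        'add arp static ipv4-address 192.0.2.9 macaddress 00:11:22:33:44:55' \
        'set static-route default nexthop gateway address 192.0.2.1 on' \
        > "$1/VS2/VS2.full"
}

# Run with --demo to print the combined file built from the sample data.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_sample "$d"; build_vs_all "$d"; cat "$d/VS-all.config"
fi
```

Because every block begins with its own "set virtual-system" line, a truncated or reordered VS-all.config still applies each command to the intended Virtual System.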
Thanks! I always prefer to have a recent CPInfo file and VS_Conf_Collector.sh output available to be able to view all important files, command outputs and other details of a VSX system in DiagnosticsView.
CPInfo contains so much information that for me it's like finding a needle in a haystack, which costs more time in the end. I've used the vsxexport script several times when reconfiguring VSX gateways and it saved me a lot of time while preparing for those maintenance windows.
CPInfo indexes all files and command outputs to allow quick searches.
Also it has customizable layouts so you don't have to find the needle in a haystack once you customized it for VSX.
Great Work!
PS
Please correct me: in case of using bootp (DHCP relaying), with your script the per-VS information regarding DHCP relay settings will be missed.
Hi @YuriyAnoshyn,
Thanks for the feedback. You are referring to the 'set bootp' commands right? I will include them in the next version. If you know more commands that are not included yet, please do let me know.
Hi,
What a fantastic script you have made! I noticed that it doesn't pick up route-redistributions, though. Is this intentional, or is it possible to add?
Kind regards
Claes
Hi @Claes_Olsson2 ,
It was not intentional so I added it to version v1.0.4 which is now available. Thanks for the feedback.
Hi Rick,
Very nice script indeed. I also have an information-gathering script. For the per-VS information gathering, I would like to suggest to also include "add arp", "set max-path-splits", "set inbound-route-filter" and "set pbr".
Kind Regards,
Eamon Jones
Version 1.1 has been published and includes a self-update mechanism. It will check for new versions in the GitHub repository when the script is launched. If a new version is available it will be downloaded, installed, and started. If the check fails for some reason it will display a FAILED message and continue with the rest of the script.
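
The self-update described above fetches and starts new code on the gateway, so the downloaded file is worth checking before it replaces the running script. An added example, not part of the original post or of vsxexport.sh: install a candidate only if it matches a SHA-256 digest the operator pinned beforehand. The function names and the pinned-digest workflow are assumptions, and `sort -V` requires GNU coreutils 7 or later.

```shell
#!/bin/bash
# Added illustration, not the self-update code shipped in vsxexport.sh.

# newer_version CURRENT CANDIDATE: succeed only if CANDIDATE sorts strictly
# after CURRENT (sort -V orders dotted versions, e.g. 1.0.5 before 1.1).
newer_version() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$2" ]
}

# install_update CANDIDATE_FILE EXPECTED_SHA256 TARGET
# Replaces TARGET only when the downloaded file matches the pinned digest.
# Returns 0 on install and 1 on any failure; TARGET is untouched on failure,
# so the caller can report FAILED and carry on with the current version.
install_update() {
    local cand=$1 want=$2 target=$3 got tmp
    [ -s "$cand" ] || { echo "update check FAILED: empty download" >&2; return 1; }
    got=$(sha256sum "$cand" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "update check FAILED: digest mismatch" >&2
        return 1
    fi
    # Reject a truncated or corrupted script before it can be started.
    bash -n "$cand" || { echo "update check FAILED: syntax error" >&2; return 1; }
    # Write next to the target and rename, so the swap is atomic.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    cat "$cand" > "$tmp" && chmod 700 "$tmp" && mv -f "$tmp" "$target"
}

# Run with --demo to exercise both outcomes on constructed files.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf '#!/bin/bash\necho v1\n' > "$d/tool.sh"
    printf '#!/bin/bash\necho v2\n' > "$d/new.sh"
    pin=$(sha256sum "$d/new.sh" | awk '{print $1}')
    install_update "$d/new.sh" "not-the-pinned-digest" "$d/tool.sh" || echo "kept current version"
    install_update "$d/new.sh" "$pin" "$d/tool.sh" && echo "installed verified update"
fi
```

The pinned digest has to come from a source other than the download itself, for example a value recorded after reviewing the release; a digest fetched alongside the script proves nothing.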
'set bootp' is added since version 1.0.3 and should be backed up if you downloaded version 1.1 today. I've double-checked it in my lab on R80.40 VSX and 'set bootp' commands in VS1 were backed up successfully.
If it still does not work I need more details about your environment.
Hi Rick,
I was running on VSX R81 from a TACACS authenticated user and the problem was that the script did not change VS when executing the command 'clish -i -f cmd_file'
Hello!
Thank you very much for sharing this script with the community, it is very valuable information.
Is it possible to add these two additional commands and save them in a text file?
cpinfo -y all > cpinfo_fullcopy_VSX.txt
netstat -rn > routesVSX.txt
Regards!
Hi @RickHoppe ,
Thank you very much for your attention.
About my last comment I was referring to see if it is possible if the script would do a validation on each of the VS of the firewall and run the command: netstat -rn > routesVSX.txt
And likewise, generate a text file with the routes of each Virtual System. I mean, one file with the routes per VS
If that is done, it would be great.
I plan to use this script for a customer in a maintenance window.
Best regards.
Hello @RickHoppe !!
I hope you are doing well.
About my last comment, have you had a chance to check if you can make this last modification in your script about "save in a text file, the output of the network routes of each VS" ?
I would be very grateful if you could help us with that improvement, because we plan to use your script to take backups of a VSX firewall of a customer.
Best regards.
Hi @israelsc,
Each VS directory in the output should already contain a VS[n].log file which contains the output of the 'show route' and 'show route summary' CLISH commands.
Unfortunately I will not continue development of this script. See my explanation for this in my final blog post.
Kind regards,
Rick Hoppe
Hi Rick,
Thank you very much for the clarification and response.
Thank you for your contribution to the community.
Regards.
Hi Rick,
This is indeed a pretty useful tool, thank you so much for this.
Just one clarification though, on line 408
echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS$i.clish
Is the $i variable by any chance a typo? It looks like it's supposed to read as $HOSTNAME-VS0.clish
Hi Rick
I've noticed that the output was not exporting the config for any VS other than VS0.
With the help of my colleague, we made a couple of changes and, in summary, this is what we've done.
It's now working for us.
From:
echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS$i.clish
TO:
echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS0.clish
From:
echo "set virtual-system $i" >$OUTPUTDIR/VS$i/VS$i.config
echo "set virtual-system $i" >>$OUTPUTDIR/VS-all.config
To:
cp $OUTPUTDIR/VS$i/VS$i.tmp $OUTPUTDIR/VS$i/VS$i.config
echo "set virtual-system $i" >$OUTPUTDIR/VS$i/VS$i.clish
echo "set virtual-system $i" >>$OUTPUTDIR/VS-all.clish
Hey Rick,
Great tool, thanks!
Would be awesome if in future it also could include the following:
show configuration nat-pool / set nat-pool x.x.x.x/x per VS configuration printed in VS-ALL.config