Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

vsxexport.sh - Export VSX settings and configuration files

RickHoppe
Advisor

Imagine a Life Cycle Management project where you have to upgrade a VSX gateway with new hardware. Imagine a crashed VSX gateway you need to reinstall whether it is on the same or RMA hardware. Imagine you are upgrading a VSX gateway and need to log a baseline with current BGP peering and all routes of all Virtual Systems. Are you in control and do you know which configuration files were added or modified in VS0 or all other Virtual Systems so you can easily add them back?

vsx

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




(2)
28 Replies

Danny
Champion Champion
Champion

Thanks! I always prefer to have a recent CPInfo file and VS_Conf_Collector.sh output available to be able to view all important files, command outputs and other details of a VSX system in DiagnosticsView.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

RickHoppe
Advisor

CPInfo contains so much information that for me it's like finding a needle in haystack, which costs more time in the end. I've used the vsxexport script several times when reconfiguring VSX gateways and it saved me a lot of time while preparing for those maintenance windows.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

CPInfo indexes all files and command outputs to allow quick searches.

image.png

Also it has customizable layouts so you don't have to find the need in a haystack once you customized it for VSX.

image.png

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

_Val_
Admin
Admin

Nice one, Rick!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


YuriyAnoshyn
Explorer

Great Work! 

PS

please correct me. in case using bootp ( dhcp relaying ) - with yours's script  information per vs regarding relaying dhcp settings will be missed .

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


RickHoppe
Advisor

Hi  @YuriyAnoshyn,

Thanks for the feedback. You are referring to the 'set bootp' commands right? I will include them in the next version. If you know more commands that are not included yet, please do let me know.

 
;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


YuriyAnoshyn
Explorer

yes.  exactly about "set bootp"

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

RickHoppe
Advisor

vsxexport.sh has been updated to v1.0.3 so 'set bootp' is included now. Thanks again!

 
;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


(1)

Kris_Pellens
Collaborator

Thank you Rick. This is an excellent tool!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


(1)

Wille010
Contributor

Great tool Rick, thanks!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Claes_Olsson2
Explorer
Explorer

Hi,

What a fantastic script you have made! I noticed that it doesn't pick up route-redistributions, though. Is this intentional, or is it possible to add?

Kind regards
Claes

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

RickHoppe
Advisor

Hi  @Claes_Olsson2 ,

It was not intentional so I added it to version v1.0.4 which is now available. Thanks for the feedback.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Jones
Collaborator
Collaborator

Hi Rick,

Very nice script indeed. I also have and information gathering script. For the per vs information gathering, I would like to suggest to also include "add arp", "set max-path-splits", "set inbound-route-filter" and "set pbr".

Kind Regards,

Eamon Jones

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

RickHoppe
Advisor

Hi Eamon,

Thanks! I've added them to version v1.0.5 which is now available.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

RickHoppe
Advisor

Version 1.1 has been published an includes a self-update mechanism. It will check for new versions in the GitHub repository when the script is launched. If a new version is available it will be downloaded, installed, and started. If the check fails for some reason it will display a FAILED message and continues with the rest of the script.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

henryd111
Participant

set bootp configuration on VS is missing

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

RickHoppe
Advisor

'set bootp' is added since version 1.0.3 and should be backupped if you downloaded version 1.1 today. I've doublechecked it in my lab on R80.40 VSX and 'set bootp' commands in VS1 were backupped successfully.

If it still does not work I need more details about your environment.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Henryk_Drozd
Explorer

Hi Rick,

I was running on VSX R81 from a TACACS authenticated user and the problem was that the script did not change VS when executing the command 'clish -i -f cmd_file'

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Widgit
Explorer

Hi 

Noted some extra config that is not exported -

set aggregate *

set pbr * 

 

Lachlan

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

israelsc
Collaborator
Collaborator

Hello!

Thank you very much for sharing this script with the community, it is very valuable information.

Is it possible to add these two additional commands and save them in a text file?

cpinfo -y all > cpinfo_fullcopy_VSX.txt
netstat -rn > routesVSX.txt

Regards!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

RickHoppe
Advisor

Hi,

vsxexport.sh is updated to v1.4. Thanks for the feedback.

Rick

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

israelsc
Collaborator
Collaborator

Hi @RickHoppe ,
Thank you very much for your attention.

About my last comment I was referring to see if it is possible if the script would do a validation on each of the VS of the firewall and run the command: netstat -rn > routesVSX.txt
And likewise, generate a text file with the routes of each Virtual System. I mean, one file with the routes per VS

If that is done, it would be great.
I plan to use this script for a customer in a maintenance window.

Best regards.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

israelsc
Collaborator
Collaborator

Hello  @RickHoppe !!

I hope you are doing well.

About my last comment, have you had a chance to check if you can make this last modification in your script about "save in a text file, the output of the network routes of each VS" ?

I would be very grateful if you could help us with that improvement, because we plan to use your script to take backups of a VSX firewall of a customer.

Best regards.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

RickHoppe
Advisor

Hi  @israelsc,

Each VS directory in the output should already contain a VS[n].log file which contains the output of the 'show route' and 'show route summary' CLISH commands.

Unfortunately I will not continue development of this script. See my explanation for this in my final  blog post.

Kind regards,

Rick Hoppe

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

israelsc
Collaborator
Collaborator

Hi Rick,

Thank you very much for the clarification and response.
Thank you for your contribution to the community.

Regards.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

jond3rd
Explorer

Hi Rick,

 

This is indeed a pretty useful tool, thank you so much for this.

Just one clarification though, on line 408

echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS$i.clish

 

is the $i variable by any chance a typo? it looks like it's supposed to read as $HOSTNAME-VS0.clish 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

jond3rd
Explorer

Hi Rick

I've noticed that the output was not exporting the config for any VS other than VS0

 

With the help of my colleague, we made a couple of changes and in summary, these are what we've done.

it's now working for us.

 

From:
echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS$i.clish

 

TO:
echo "show route summary" >>$OUTPUTDIR/$HOSTNAME-VS0.clish

 

 

From:
    echo "set virtual-system $i" >$OUTPUTDIR/VS$i/VS$i.config
    echo "set virtual-system $i" >>$OUTPUTDIR/VS-

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

frankthetank_69
Explorer

Hey Rick,

Great tool, thanks!

would be awesome if in future also could include the following:

show configuration nat-pool / set nat-pool x.x.x.x/x per VS configuration printed in VS-ALL.config

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos