Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Firewallteam_DE
Explorer

R80.30 - Build 001 MDS Connectivity test before migration - connection refused??

Hello

We are implementing access rules, AS, and routing on existing R77.30 Firewalls (VS, VSX, Phys Clusters) for new R80 MDS/CMA to take over. 

Many firewalls (overall more than 1000) are involved daily and I am having problem to reliably test open ports From MDS and CMA context without time-consuming need to check that in tracker dashboard by dashboard.

My tests looks following (netcat):

nc -z -v -n -t -w 2 -s <R80.30 CMA IP> <R77.30 FW IP> 256
nc -z -v -n -t -w 2 -s <R80.30 CMA IP> <R77.30 FW IP> 18191
nc -z -v -n -t -w 2 -s <R80.30 CMA IP> <R77.30 FW IP> 18208
nc -z -v -n -t -w 2 -s <R80.30 MDS IP> <R77.30 FW IP> 443
nc -z -v -n -t -w 2 -s <R80.30 MDS IP> <R77.30 FW IP> 18208
nc  -v -n -u -w 2 -s <R80.30 MDS IP> <R77.30 FW IP> 161

These ports are needed for management and monitoring.

Even though FW allows it and smarttracker confirms it by log - I am getting "connection refused" in R80 CLI.

telnet and curl gives also "connection refused"

 

As you understand it is not enough to rely on this feedback and I have to check further in logs.

 

Can you help suggest simillar quick way how to test from R80 CLI and get confirmed response that ports are open?

Spending nights going from dashboard to dashboard is taking toll on me.

 

Is there any extensive cli tool that can do this and can be installed on gaia? Whatever can help me.

 

0 Kudos
4 Replies
This widget could not be displayed.