Hello everybody.

I've set up tftp backups of some of my Fortigate firewalls. The first backup runs OK, but the subsequent ones will fail because of "Error code 2: Access violation". I've played a bit with it and it seems that it cannot overwrite the already existing backup file in the TFTP folder.

Anybody knows how to solve this?

The Kiwi CatTools Service is run by "Local System account".

Any help will be appreciated.

Thanks and regards,

F.

Hi!

I'm trying to backup the config of our new HP (H3C) Switches (5120, 5800, 10500). The script I created out of the Custom.Template is not working. The prompt of the switches is "<SWITCHNAME>", not "SWITCHNAME>" as in Ciscos IOS. So the script returns the error "Did not receive expected prompt when entering Enable mode".

Has anybody managed to create a script that works with the HP H3C switches?

Regards, lls71

Hi

I have managed to get a full back of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

We have a pair of Fortigates 3600C and we run multiple VDOMs on these, this meant the default script withing Cattools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

Variations configuration

• Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
• Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
• Fill in the rest of the device info and passwords as you would do normally
• Go to the "variations" tab and click "use variations"
• Go to the "prompts" tab and fill in the information as shown in the "qoutes":-

DEVICE_USERNAMEPROMPT = "login as:"

DEVICE_PASSWORDPROMPT = "password:"

DEVICE_STANDARDPROMPT = "#"

DEVICE_PRIVILEGEDPROMPT = "#"

DEVICE_CONFIGPROMPT = "(global) #"

• Go to the "additional commands" tab and fill in the information as shown in the "qoutes":-

COMMAND_ENTERCONFIG = "configure global"

COMMAND_EXITCONFIG = "end"

• Go to the "pre/post login" tab and fill in the information as shown in the "qoutes":-
• NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

PRE_LOGIN_KEYSTROKE = "a"

• Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

TFTP activity configuration

• Go to activities and click add
• Set Type to "Device.Backup.TFTP"
• Fill in name and description
• Set schedule under the time tab
• Add your devices
• Go to "Options" tab
• Untick the "file to write to tftp server"
• Untick the "enter commands in enable mode"
• In the "optional alternative list of commands" section input the following:-

%ctUM: Timeout 100

%ctUM: EchoOff

config global

%ctUM: EchoOff

execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

%ctUM: EchoOff

• If your not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

• Click ok to save

Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

Hope this helps others getting this working.

EDIT

I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taking using the "execute backup full-config" command.

Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

I have now tested this on our lab device and I was able to restore the configuration successfully.

Cheers

Jay

Message was edited by: Jaybed --

Hello.

I have problem with mass expired password update in cattools database. I have about 1500 devices and different credentials in about 20% of them.

How to do mass password update only for specific user?

Only thing that comes to my mind is select by hand devices where is that user with expired pasword, but this is not elegant solution (in addition I have to do it every 30 days of password expiration).

Hello,

We have an HP Procurve J4903A Switch 2824 and it is integrated with RADIUS Server for authentication.
We are using Cat Tools 3.4 demo version and tried to configure the switch for configuraton backup using Method SSH2.
And using Device.Backup.Running Config  Type and SSH Username/Password are supplied. When Run the backup it shows the errors:
"Did not receive expected prompt when entering enable mode", and "Aborting: Unable to enter enable mode".

Do anybody faced this issue with SSH? Please help me to solve this problem.

Regards,

Achu

Hi guys,

When I try and run cattools I get this error: "you have too many copies of this program already  running on your system or network. you are licensed for only 1  copy/copies at a time"

The strange thing is, I have no other copies of cattools running anywhere, there are no other users on thsi server, and this server has no internet access and is behind a firewall which blocks comms between servers. So even if there was another copy running it wouldn't be able to see it.

The error is persistent. We did recently migrate onto a new server, which i suspect is where it has corrupted the software. We uninstalled and reinstalled v3.5 and immediately the same error came up. It doesn't even give me the option to input a new license key.

This is really annoying and we are out of maintenance support. Are there some logs I can see that will tell me where cattools thinks it can see another copy running.

Get an error message:

"Did not receive expected response to command: show running-config"

Hi

I am trying to create a script in order to backup a F5 BigIP.

The scripts runs without issues on the device when i run it on the console(ssh) , but when i use Kiwi Cattools, the script fails.

The reason i''m using variables, is to be able to backup multiple F5 devices into one dir, retaining the ID of the device.

I must be doing something dumb, or i don't get it.

#!/bin/bash

terminal width 120
FTPHOST=[IP]
HOST=$HOSTNAME
USER=F5
PASS=XXXXX
UPATH1=Config'/'Current'/'
UPATH=`date +%Y'/'%m'/'%d`
FPATH="$UPATH1$UPATH"

cd /config
tmsh -c "save sys config base"
cp bigip_base.conf $HOST.conf
ftp -inv << EOF
open $FTPHOST
user $USER $PASS
bin
mkdir $FPATH
put /config/$HOST.conf /$FPATH/$HOST.txt
close
bye
EOF

KiwiCattools fails on reading the variables, i get "waiting for respons to command", waiting for an echo.

I am using Device.CLI.Send Commands.

Question ofcourse is... :how to fix it, how to set specifics for each device using variables ? Am i missing the point completly? Is it even possible what i''d like to achieve.

What am i doing wrong?

If anybody can point me to some docs on how to use bash within scripts for KiwiCatTools, that would be great too.

Thank you in advance.

With kind regards, Thijn

Hi,

Any chance to have Ruckus ZoneDirector in CatTools devices ?

Or, a special conf with "variation" ?

I made differents tests/setting for that device without suscces.

Please, help !

Hi!

Is there a chance that CatTools could retrieve the config.ini of a APC SmartUPS AP9617/AP9630 Network Management Card using FTP? It would be great if someone of the development team could have a look at it.

Here's a "capture" of a FTP session:

ftp> open 10.0.0.1
Connected to 10.0.0.1.
220 AP9617 Network Management Card AOS v3.7.3 FTP server ready.
User (10.0.0.1:(none)): admin
331 User name okay, need password.
Password:
230 User logged in, proceed.
ftp> bin
200 TYPE Command okay.
ftp> hash
Hash mark printing On  ftp: (2048 bytes/hash mark) .
ftp> get config.ini
200 PORT Command okay.
150 File status okay; about to open data connection.
#######################226 Closing data connection.
ftp: 47311 bytes received in 15,25Seconds 3,10Kbytes/sec.
ftp> close
221 Thank you for using APC products!
ftp> quit

Regards, Leonardo

Hi,

We have just purchased this software and have issues running the device.backup.running config.

I keep getting this error waiting for response as in subject line.

Attach is the debug logs, any ideas?  at the end I just stopped the process as it sat there for ages.

Hi  there,

I am running Cat Tools 3.3.17 and trying to backup all my device configs to one server.

I am having an issue with 2 HP switches - I receive a

I am not too familiar with setting the device information - password, manager password etc. I have it for Direct connect via SSH2

Any help would be grateful!

G

Hi my friends,

I am running Cattools version 3.6.0, now I am trying to backup the running configuration a HP Procurve 2530 switch. I have tried to enter some combinations of values under the "Passwords" and "Prompts" tab, but always prompted error messages. Can someone show me what value should I set under "Passwords" and "Prompts" tabs?  Below I will show you how I telnet to this switch via command prompt. Thanks in advance!

From command prompt, I key in  telnet 10.x.x.x, then press enter, then I see below page

I key in manager, and press enter, then I am prompted to enter password.

I enter password, and then press enter, I successfully enter privilege mode

Hi to all.

Is it possible to run script in cattools in order to read the devices ip address from an externa files.

Thanks, Fabio.

Hey guys,

we have the following problem when running Kiwi Cat tool's Device.Backup.Running Config with the command  "get conf" on a Juniper Netscreen Firewall:

It always stops at the end of a page infront of the paging prompt "--- more ---"

debug log:

<W-14:26:41>ssh -2 -l root ip <R-14:26:41>ssh -2  -l root ip<W-14:26:41>[13]<R-14:26:42>[13][13][10]<R-14:26:42>root@ip's  password:  <W-14:26:42>pw[13]<R-14:26:42>[13][10]<R-14:26:43>Remote  Management Console[13][13][10]DE-MAR-GW-001->
================================================================================
WFDRetVal=0. Waiting for: "accept this agreement y/[n]"
WFDBuffer="[13][10]remote management console[13][13][10]de-mar-gw-001-> "
================================================================================
<W-14:26:46>[13]<R-14:26:46>[13][10]<R-14:26:46>[13][13][10]DE-MAR-GW-001->  <W-14:26:46>get conf<R-14:26:46>get  conf<W-14:26:46>[13]<R-14:26:46>[13][10]<R-14:26:47>get  conf[13][13][10]Total Config size 36578:[13][13][10]BEGIN  CONFIG******************************END CONFIG [13][13][10]--- more ---  <W-14:26:47>  <R-14:26:47>
================================================================================
WFMDRetVal=1 Waiting for: "--unknown keyword"
WFMDRetVal=2 Waiting for: "command not completed"
WFMDRetVal=3 Waiting for: "insufficient arguements"
WFMDRetVal=4 Waiting for: "[y]/n"
WFMDRetVal=5 Waiting for: "y/[n]"
WFMDRetVal=6 Waiting for: "--- more --- "
WFMDRetVal=7 Waiting for: "DE-MAR-GW-001->"
WFMDRetVal=8 Waiting for: "DE-MAR-GW-001->"
WFMDRetVal=9 Waiting for: "DE-MAR-GW-001("
WFMDBuffer=" "
================================================================================
<W-14:27:17>exit[13]<D 14:27:17>
<SCRIPT VALUES>
<HOSTNAME="DE-MAR-GW-001">
<PROMPT VTY="DE-MAR-GW-001->">
<PROMPT ENABLE="DE-MAR-GW-001->">
<PROMPT CONFIG="">

Does someone have an idea what could be the problem? It should run, actually, as we have other netscreen firewalls that work fine with the command get conf.

Config:

- Kiwi CatTools 3.3.17 Enterprise (Device.Backup Running Config)

- OS: Windows Server 2003

- Device: Firewall NetScreen SSG5.

I'll highly appreciate getting your quick feedback for resolving this problem.

Thank you in advance,

dash

Hi

I have managed to get a full back of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

We have a pair of Fortigates 3600C and we run multiple VDOMs on these, this meant the default script withing Cattools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

Variations configuration

• Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
• Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
• Fill in the rest of the device info and passwords as you would do normally
• Go to the "variations" tab and click "use variations"
• Go to the "prompts" tab and fill in the information as shown in the "qoutes":-

DEVICE_USERNAMEPROMPT = "login as:"

DEVICE_PASSWORDPROMPT = "password:"

DEVICE_STANDARDPROMPT = "#"

DEVICE_PRIVILEGEDPROMPT = "#"

DEVICE_CONFIGPROMPT = "(global) #"

• Go to the "additional commands" tab and fill in the information as shown in the "qoutes":-

COMMAND_ENTERCONFIG = "configure global"

COMMAND_EXITCONFIG = "end"

• Go to the "pre/post login" tab and fill in the information as shown in the "qoutes":-
• NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

PRE_LOGIN_KEYSTROKE = "a"

• Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

TFTP activity configuration

• Go to activities and click add
• Set Type to "Device.Backup.TFTP"
• Fill in name and description
• Set schedule under the time tab
• Add your devices
• Go to "Options" tab
• Untick the "file to write to tftp server"
• Untick the "enter commands in enable mode"
• In the "optional alternative list of commands" section input the following:-

%ctUM: Timeout 100

%ctUM: EchoOff

config global

%ctUM: EchoOff

execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

%ctUM: EchoOff

• If your not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

• Click ok to save

Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

Hope this helps others getting this working.

EDIT

I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taking using the "execute backup full-config" command.

Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

I have now tested this on our lab device and I was able to restore the configuration successfully.

Cheers

Jay

Message was edited by: Jaybed --

Hi Thwack community,

this is my first discussion

We are having some troubles with "Checkpoint Security Gateway" Devices. Because there is no suitable Device-Template for those devices i used the Generic.Device combined with a Device Variation to backup the Running Configuration.

Device Details: Check Point Security Gateway using Gaia R77.20 as OS, Kiwi Cattools 3.6.0

I always try to copy the manual steps i would do via putty/SSH to cattools. Those manual steps would be:

1. login via ssh
2. "lock database override" //get prev. rights
3. "show configuration" //running config gets printed to stdout with paging (-- More --) -> as fas as i know there is no ter len 0/ no paging command
4. quit or exit

Somehow cattools is having some problems with those steps :/

It isn´t getting input from the "show configuration" command which should print to stdout "Did not receive echo of show configuration command".

I attached you the log-info File and the Device variations so you could get a look into the changes i made.

Has anyone ever had similar problems (and a solution to it)? Especially with Checkpoint Devices?

Best regards,

Max

Hello.

I have problem with mass expired password update in cattools database. I have about 1500 devices and different credentials in about 20% of them.

How to do mass password update only for specific user?

Only thing that comes to my mind is select by hand devices where is that user with expired pasword, but this is not elegant solution (in addition I have to do it every 30 days of password expiration).

Hello,

I am trying to backup an ASA config using Device.Backup.TFTP and when I run it I receive this error:

Device Type: Cisco.Firewall.ASA has not yet had this functionality added. Skipping this device.

I was wondering if anyone knew what would be causing this error? My guess is that something needs to be added to the Cisco.Firewall.ASA script to give it functionality (please correct me if I am wrong) and then it should start working. If this is correct, can someone please guide me through the process of getting this started.

Thank you,

Johnathan

While running a Device.CLI.Modify Config job to modify the management access-list on Cisco SF-500 SmallBusiness  switches there are errors and waiting times:

Waiting for an echo of permit ip-source 1.2.3.4 mask 255.0.0.0 service snmp command

Waiting for an echo of <Ctrl-Z> command

Waiting for a response to: copy run start

The cli commands are tested manually and are OK, but appearantly cattools does not receive what it expects.

Using cattools 3.10.0 (Enterprise)

SWITCH#sh ver

SW version    1.3.0.62 ( date  02-May-2013 time  14:56:31 )

Boot version    1.3.0.03 ( date  23-Jul-2012 time  10:32:34 )

HW version    V02

SWITCH#sh system

System Description:                       24-Port 10/100 PoE Stackable Managed Switch