Backup Config of Checkpoint Gateway

December 15, 2015, 2:06 am

≫ Next: No available encryption algorithm

≪ Previous: Backing up a PFSense Firewall over SSH using Generic.Device

Hi Thwack community,

this is my first discussion

We are having some troubles with "Checkpoint Security Gateway" Devices. Because there is no suitable Device-Template for those devices i used the Generic.Device combined with a Device Variation to backup the Running Configuration.

Device Details: Check Point Security Gateway using Gaia R77.20 as OS, Kiwi Cattools 3.6.0

I always try to copy the manual steps i would do via putty/SSH to cattools. Those manual steps would be:

login via ssh
"lock database override" //get prev. rights
"show configuration" //running config gets printed to stdout with paging (-- More --) -> as fas as i know there is no ter len 0/ no paging command
quit or exit

Somehow cattools is having some problems with those steps :/

It isn´t getting input from the "show configuration" command which should print to stdout "Did not receive echo of show configuration command".

I attached you the log-info File and the Device variations so you could get a look into the changes i made.

Has anyone ever had similar problems (and a solution to it)? Especially with Checkpoint Devices?

Best regards,

Max

↧

No available encryption algorithm

October 7, 2013, 8:43 am

≫ Next: Issue backing up Nexus 5000

≪ Previous: Backup Config of Checkpoint Gateway

I am receiving the following message from a newly installed Riverbed Router. Any ideas?

2013-10-05 23:15:17 2-Warning 6 Riverbed-Router Failed to connect to Riverbed-Router. Reason: (30044) No available encryption algorithms match with the server.. Will try again.

↧

Issue backing up Nexus 5000

February 20, 2012, 4:42 pm

≫ Next: Configuring Cisco Nexus 7k in Kiwi Cat Tools

≪ Previous: No available encryption algorithm

Hi all,

I'm implementing Cattools for a client to show the value in it (so they'll buy it).

I can't get it to log into their Nexus 5010 switches (2).

No matter what i do, the authentication ALWAYS fails, however i can log into the switches using putty with the same cred's.

Any ideas? Here are some debug's:

↧

Configuring Cisco Nexus 7k in Kiwi Cat Tools

April 9, 2012, 2:36 pm

≫ Next: Problem with a Cat Tools 3.10 (Enterprise) activity - Cisco SF300 switch

≪ Previous: Issue backing up Nexus 5000

I've been able to use Kiwi Cat Tools to backup nearly all of our Cisco devices successfully. However, our Nexus 7k's do not seem to be working with Cat Tools. We use radius authentication and ssh to access our 7k's but cat tools seems to stall after the ssh log-in. I've tried every combination of AAA username and password as well as ssh username and password, but no matter what it just seems to stall at the ssh fingerprint portion of the device backup. Anyone have any ideas as to what I am doing wrong or have another way to backup the configs for the 7k using Kiwi Cat Tools?

↧

Problem with a Cat Tools 3.10 (Enterprise) activity - Cisco SF300 switch

January 12, 2016, 6:13 am

≫ Next: Send enail even if no changes in Configs.

≪ Previous: Configuring Cisco Nexus 7k in Kiwi Cat Tools

Hello,

We use CatTools 3.10 (Enterprise) to modify the configuration or send commands remotely to our switches.

Everything works fine with our Cisco 2950, 2960, 3560, 3750...

But the issue we are currently facing is all about another kind of Cisco switch, the Cisco SmallBusiness SF300.

Since the 3.10 version supports Small Business switches, we can define it in the "Device Type" field of a Deivce, along with the "Model" (which is 300).

The rest of the configuration of the new device is the same as we used for the other Cisco switches (Method : SSH Port : 22, Connect via : Direct Connect, etc...)

The activity is define as "Device.CLI.Modify.Config" and aim to change (S)NTP settings.

The connection to the SF300 switch is OK but then there is a problem when entering the "configure terminal" command (output info logs attached) :

"Waiting for an echo of conf t command

Waiting for a response to : conf t

Did not receive expected response to command : conf t

Commands resultts : 0 of 9, 1

Aborting command entry due to command error

Waiting for an echo of <Ctrl-Z> command

Exiting config mode

Did not receive echo of <Ctrl-Z> command"

I've already tried to define the activty as "Device.CLI.Send.commands" and to send a "conf t" as first command but the same problem happens.

↧

Send enail even if no changes in Configs.

March 16, 2016, 12:57 pm

≫ Next: Fortinet Fortigate Backups via TFTP

≪ Previous: Problem with a Cat Tools 3.10 (Enterprise) activity - Cisco SF300 switch

We would like to have CatTools send us email notifications even if it does not detect changes in the configurations. Without email notification we would not know whether the scripts/activities are actually running each day without logging in at checking the activity log on the CatTools host. No news is good news in some cases but not in this case. In the log we are see " No devices have changed Not sending report via e-mail"

↧

Fortinet Fortigate Backups via TFTP

September 10, 2013, 3:46 am

≫ Next: Arris E6000 CMTS compare

≪ Previous: Send enail even if no changes in Configs.

I have managed to get a full back of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

We have a pair of Fortigates 3600C and we run multiple VDOMs on these, this meant the default script withing Cattools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

Variations configuration

Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
Fill in the rest of the device info and passwords as you would do normally
Go to the "variations" tab and click "use variations"
Go to the "prompts" tab and fill in the information as shown in the "qoutes":-

DEVICE_USERNAMEPROMPT = "login as:"

DEVICE_PASSWORDPROMPT = "password:"

DEVICE_STANDARDPROMPT = "#"

DEVICE_PRIVILEGEDPROMPT = "#"

DEVICE_CONFIGPROMPT = "(global) #"

Go to the "additional commands" tab and fill in the information as shown in the "qoutes":-

COMMAND_ENTERCONFIG = "configure global"

COMMAND_EXITCONFIG = "end"

Go to the "pre/post login" tab and fill in the information as shown in the "qoutes":-
NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

PRE_LOGIN_KEYSTROKE = "a"

Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

TFTP activity configuration

Go to activities and click add
Set Type to "Device.Backup.TFTP"
Fill in name and description
Set schedule under the time tab
Add your devices
Go to "Options" tab
Untick the "file to write to tftp server"
Untick the "enter commands in enable mode"
In the "optional alternative list of commands" section input the following:-

%ctUM: Timeout 100

%ctUM: EchoOff

config global

%ctUM: EchoOff

execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

%ctUM: EchoOff

If your not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

Click ok to save

Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

Hope this helps others getting this working.

EDIT

I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taking using the "execute backup full-config" command.

Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

I have now tested this on our lab device and I was able to restore the configuration successfully.

Cheers

Jay

Message was edited by: Jaybed --

↧

Arris E6000 CMTS compare

August 15, 2014, 5:38 am

≫ Next: Dell DR4100 enable

≪ Previous: Fortinet Fortigate Backups via TFTP

Hi Guys,

Newby Cattools user here, well I've used the free version many years ago now, but I now got the registared version :-)

Anyway I've managed to get Cattools to grab and compare configs for 3 Cisco Devices and Motorola CMTS, and i've even got it to grab and compare for my lab Arris E6000 CMTS (by using the Motorola CMTS script.

But every time the schedule runs the program detects changes in the E6000 config: -

show running-config	show running-config	1
2	# ChassisType=<E6000> shelfName=<Arris CER CMTS> shelfSwVersion=<CER_V01.01.00.0135> timeGenerated=<Fri Aug 15 12:10:21 2014>	# ChassisType=<E6000> shelfName=<Arris CER CMTS> shelfSwVersion=<CER_V01.01.00.0135> timeGenerated=<Fri Aug 15 12:16:25 2014>	2
3	configure	configure	3
4	banner login	banner login

How can I stop this? it's config line 2 "# ChassisType=<E6000> shelfName=<Arris CER CMTS> shelfSwVersion=<CER_V01.01.00.0135> timeGenerated=<Fri Aug 15 12:10:21 2014>" and the timeGenerated part that is causing the compare error.

Do I need a new script for this device?

BTW Arris now own the Motorola CMTS product range.

Best regards

Steve.

↧

Dell DR4100 enable

October 8, 2014, 2:43 pm

≫ Next: Cattols 3.10 to FortiOS 5.2.5 or 5.4 doesn´t work

≪ Previous: Arris E6000 CMTS compare

Cattools 3.10

I'm trying to back up a Dell DR4100 using Telnet, and after changing Username prompt: to login: it will connect ok, but it fails to back up, with error message Aborting: Unable to enter enable mode.

There doesn't appear to be an enable mode for this device. Can I bypass this bit?

Thanks,

Jenny

↧

Cattols 3.10 to FortiOS 5.2.5 or 5.4 doesn´t work

January 14, 2016, 11:47 pm

≫ Next: How can I recover enable password with Cattools from Cisco device.

≪ Previous: Dell DR4100 enable

Hi,

since we upgraded to FortiOS 5.2.5 or 5.4 Cattools gives us the error message "Failed to connect to XXX. Reason: No respone from remote host. Will try again."

If we connect to it with Putty we get a session.

Have debugged the SSH from FortiOS but no error messages is shown.

The debug in Cattools doesn´t give any errors either:

<PROTOCOL=SSH2>

<HOSTNAME="">

We have tried all different SSH ciphers but with the same result. When we save the ciphers we can see that it sends it to the FortiOS and that it accept it.

Any ideas?

Robin

↧

How can I recover enable password with Cattools from Cisco device.

December 8, 2016, 8:40 am

≫ Next: Cattools Manager not loading

≪ Previous: Cattols 3.10 to FortiOS 5.2.5 or 5.4 doesn´t work

I have a Cisco 6500 that someone changed the enable password on it and don't remember. I am running Cat tools 3.11 that still backs up the configuration of that device everyday. How can I reset or recover the enable password by using Cat tools?

↧

Cattools Manager not loading

December 14, 2016, 9:26 am

≫ Next: Error while unpacking program, code LP5. Please report to author.

≪ Previous: How can I recover enable password with Cattools from Cisco device.

Hi Catoolers,

I'm experiencing the following problem. Running cattools 3.10 on Windows 2008 Server R2. My devices database has about 2.000 items and I've scheduled about 50 activities daily. Cattool Managet running as a service, it works fine. All activities are running every day without issues.

My problem came up when I need to modify some activity or add some new device. I try to open the Cattool Manager application and it wan't start. Cattools Manager.exe start a process, but not the application.

Regards.

Pedro

↧

Error while unpacking program, code LP5. Please report to author.

May 11, 2011, 1:57 am

≫ Next: HP Comware 7 Switches

≪ Previous: Cattools Manager not loading

Kiwi Cattools is stopping after trying to execute it. Error windows pops up with message: "Error while unpacking program, code LP5. Please report to author."

Tried to unistall and reinstall the product (Kiwi CatTools 3.4.0) without success. CatTools has been running since years without any problems, until now. Probably some other recently (automatic) installed application or service is the cause, but I am not able to identify; I have installed nothing new for the last weeks.

Any help or advise is appreciated... thanks

↧

HP Comware 7 Switches

June 2, 2016, 8:55 am

≫ Next: Invalid username or password - HP 6120 XG

≪ Previous: Error while unpacking program, code LP5. Please report to author.

I have been using CatTools successfully with Cisco and HP Procurve switches for some time now, but I can't get the software to successfully talk to a new Comware switch. Looking at the debug logs it looks like it isn't coping with the default Comware prompt format e.g. <sysname> or [sysname] for user or system view respectively. Any idea what I need to do to get it to work?

Thanks

iain

ps I have logged a call with SolarWinds but this is proving to be a soul destroying process. The case is flagged as not started after two days, I've left answer phone messages to no avail and listened to muzak for far too long.

↧

Invalid username or password - HP 6120 XG

August 2, 2016, 8:38 am

≫ Next: Port Security settings

≪ Previous: HP Comware 7 Switches

Hi there,

I am running Cat Tools 3.3.17 and trying to backup all my device configs to one server.

I am having an issue with 2 HP switches - I receive a

Failed to connect to 172.x.x.x
Reason: (30016) Invalid username or password reported by server, or bad
private key.. Giving up after 3 connection attempts.

I am not too familiar with setting the device information - password, manager password etc. I have it for Direct connect via SSH2

Any help would be grateful!

↧

Port Security settings

October 5, 2016, 12:01 pm

≫ Next: Cattools errors

≪ Previous: Invalid username or password - HP 6120 XG

Can CatTools be used to provide a daily email of multiple switches only if they either have ports without port-security or don't have the proper number of MAC's assigned? For example, on a Cisco switch we use port security however some ports may have had it turned off for some reason.

Another possibility is a computer/user is moved from one office to another. If port security is on then the MAC will be recognized as being on another port so will err-disable the new location. A tech either uses the third party switch management program or even logs into the switch and does a "no" on the line for the old port resulting in leaving that port open to a rouge device.

I have been asked by our examiner/audit to get a email report that we can use to correct this on a daily basis. I have CatTools doing a backup of all configurations nightly so I do have text files however I can't find a program/script that can look and alert on lines that should be there but are not.

Please feel free to ask questions if this isn't clear or more information is needed.

Thank you

↧

Cattools errors

December 4, 2016, 3:43 pm

≫ Next: Connect failed:(10060) The current connection has timeout.

≪ Previous: Port Security settings

Hello everyone, I need some help. I have two errors that I'm having a issue with. Cattools sends me a errors in a email saying some of the back ups have failed.

Error 1: Reason: (10060) The current connection has timed out.. Giving up after 3 connection attempts.

Error 2: Reason: (10061) The requested connection has been refused by the remote host.. Giving up after 3 connection attempts.

I appreciate your help.

Thank you.

↧

Connect failed:(10060) The current connection has timeout.

July 27, 2009, 2:34 am

≫ Next: Error "Specified username is invalid for device" during backup of cisco 3750

≪ Previous: Cattools errors

Hi,

I have configured the FW in Kiwi cat tool to backup the run-config every sunday. Last week I was able to see the backup, but this weekedn it failed with the below error.

Connect failed:(10060) The current connection has timeout.

Thanks,
Sridhar

↧

Error "Specified username is invalid for device" during backup of cisco 3750

April 30, 2016, 8:19 pm

≫ Next: Fortigate With Vdom backup is not happening

≪ Previous: Connect failed:(10060) The current connection has timeout.

Hi Team,

For specific devices i am getting error "Specified username is invalid for device" eventhough username & password is correct. i have opened putty and tested credentilas and no issue observed.

attached device config & debug logs.

Regards,

Karthik V

0821 - 6649363

↧

Fortigate With Vdom backup is not happening

March 31, 2010, 3:50 am

≫ Next: Unable to create destination file: Z:\DOCS\Configuration Files\backup configurations_all_cores(RECENT)\Config.Current.Running.test.txt

≪ Previous: Error "Specified username is invalid for device" during backup of cisco 3750

Hi All ,

I am not able to take the backup of Fortigate which has configured on VDOM environment .

Some Fortigate's I am able to take but Vdom configuration's are missing from the Backup .

Did any one faced this issues and what was the solutions you found on Kiwi Cat tools

Please help thanks in advance

Regards

Vineeth

↧