Hi

I have managed to get a full back of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

We have a pair of Fortigates 3600C and we run multiple VDOMs on these, this meant the default script withing Cattools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

Variations configuration

• Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
• Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
• Fill in the rest of the device info and passwords as you would do normally
• Go to the "variations" tab and click "use variations"
• Go to the "prompts" tab and fill in the information as shown in the "qoutes":-

DEVICE_USERNAMEPROMPT = "login as:"

DEVICE_PASSWORDPROMPT = "password:"

DEVICE_STANDARDPROMPT = "#"

DEVICE_PRIVILEGEDPROMPT = "#"

DEVICE_CONFIGPROMPT = "(global) #"

• Go to the "additional commands" tab and fill in the information as shown in the "qoutes":-

COMMAND_ENTERCONFIG = "configure global"

COMMAND_EXITCONFIG = "end"

• Go to the "pre/post login" tab and fill in the information as shown in the "qoutes":-
• NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

PRE_LOGIN_KEYSTROKE = "a"

• Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

TFTP activity configuration

• Go to activities and click add
• Set Type to "Device.Backup.TFTP"
• Fill in name and description
• Set schedule under the time tab
• Add your devices
• Go to "Options" tab
• Untick the "file to write to tftp server"
• Untick the "enter commands in enable mode"
• In the "optional alternative list of commands" section input the following:-

%ctUM: Timeout 100

%ctUM: EchoOff

config global

%ctUM: EchoOff

execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

%ctUM: EchoOff

• If your not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

• Click ok to save

Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

Hope this helps others getting this working.

EDIT

I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taking using the "execute backup full-config" command.

Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

I have now tested this on our lab device and I was able to restore the configuration successfully.

Cheers

Jay

Message was edited by: Jaybed --

Have a 2800 series router with cisco unity express.

There is no provided mechanism to backup the device (CUE).

CatTools is perfect for this but I'm not a coder!!

Can someone help me get past the point I'm at....

I'm using the device.cli.send to push the following commands;

serv serv 0/1 sess - this gets me into the cue module

after that need to hit enter key a few times to "wake it up" as you have to do this when you are logged in and interactive.

Once you hit enter a few times you get the prompt.

Any suggestions?

Thanks,

Paul.

Hey guys,

recently, our Kiwi CatTools Service crashes. This occurs randomly, we could not find the reason so far. We did not do any changes, except maybe changing an ip address or stuff.

The Windows Log sais the following:

System: The Kiwi CatTools service terminated unexpectedly.  It has done this 5 time(s).

Applic.: Faulting application CatTools_Service.exe, version 3.3.0.17, faulting module KiwiTFTP.dll, version 2.2.0.0, fault address 0x0000c98c.            or:

            Faulting application CatTools_Service.exe, version 3.3.0.17, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Steps to resolve this issue:

- delete all devices, we don't need anymore (we have more than 100 devices)

- shrink the database

- reinstall kiwi cattools 3.3.17

- check timings of the jobs

- searched google and thwack for known issues

If you guys could help me that would be great, thx for your help. Maybe someone has similar problems. Maybe some recent Windows updates cause this error?

regards,

dash

To disable paging, you can use Variations, and the following command:

Terminal pager 0

This works on an ASA 5520

I am receiving the following message from a newly installed Riverbed Router.  Any ideas?

2013-10-05 23:15:17 2-Warning 6 Riverbed-Router Failed to connect to Riverbed-Router. Reason: (30044) No available encryption algorithms match with the server.. Will try again.

Hello,

I am pretty new in Kiwi CatTools so don't expect much.

The switch i wanted to back-up is the Cisco.SmallBusiness SF-300-24PP.

I keep getting this error;

'' Did not receive command prompt after connecting via SSH ''

We are looking to backup the configurations of a bunch of Vyatta type routers, same as we do for our Cisco routers.  We went plowing through the custom scripts and device documentation and aren't getting very far.  Since the Device.Backup.Running Config activity can backup different types of devices using different commands, it would appear that in the device would where the "show config" commands would be set up.  However, the Custom.Device.Template.txt.custom "script" has a lot more info that we are looking for and then it appears you have to bind together a main and client activity to the custom device?  We are just looking to have something exactly the same as Device.Backup.Running Config activity that will issue a "show configuration commands" for Vyatta instead of "show running-config" for Cisco.  We don't want to learn a new language to write scripts with and if we did, we wouldn't be paying over $200 per year for maintenance as we would then be writing our own software.

Is there a simple way to modify the backup running config activity to be able to work with Vyatta routers?

Thanks much

  ---RWR

We have been using Cat Tools to backup and monitor our Network gear configurations for changes.  On 9/20 we started having an issue with our DR Firewall connections.  Nothing has changed that we are aware of however now Cat Tools is failing with the Error description saying Failed to enter enable mode.  We have received this error randomly but usually only on one device and it clears up the next day when it runs again.  It is now happening daily on all 10 of our DR ASA's.  These are all Cisco 5505's. 

I have set the retry to 4 times and it seems that different ones, not always the same or not all of them, are able to eventually get into the enable mode and get a backup.

Here is what a good connection looks like in Cat Tools Info log:

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Login to MtHome_ASA was successful

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA DeviceHostnameID: MTHOMEASA

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode - sending command enable

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode - sending password:

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Waiting for enter enable password prompt

2017-09-27 11:26:36  4-Debug         1          MtHome_ASA Sending enable password

2017-09-27 11:26:36  4-Debug          1         MtHome_ASA Entered enable mode OK

And here is what a not good connection looks like:

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Login Cisco ASA: MtHome_ASA

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA --> LoginSSH

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Waiting for command prompt

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Login to MtHome_ASA was successful

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA DeviceHostnameID: MTHOMEASA

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Entering enable mode

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Entering enable mode - sending command enable

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Waiting for enter enable password prompt

2017-09-28 09:01:54   1-Error           1          MtHome_ASA Failed to enter enable mode.

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Aborting : Unable to enter enable mode

It’s like it doesn’t send the enable password at all.

Hey there,

since the last update im having several problems, one particular with command issuing and echo timeout i guess.

While issuing the following commands in a job

sh version

failover exec mate sh vers

show inventory

failover exec mate sh inventory

show int | grep error

sh access-list outside-access-out | i line 1 extended

sh access-list outside_access_out | i line 1 extended

sh failover

2 of about 150 devices are aborting due to command error and just showing a single line of the first command in the file:

asa-emft-oph# sh version

the same when issuing just "sh run"

Here the debug output for those 2 devices:

Device1:

<W-10:37:50>ssh -2 -l nocadmin XXXXXXXXX

<R-10:37:50>ssh -2 -l nocadmin XXXXXXXXXXX

<W-10:37:50>[13]

<R-10:37:50>[13][10]

<R-10:37:50>nocadmin@XXXXXXX's password:

<W-10:37:50>XXXXXXXXXXXXXXXXX[13]

<R-10:37:50>[13][10]

<R-10:37:51>Type help or '?' for a list of available commands.[13][10][13]asa-emft-oph#

<W-10:37:51>[13]

<W-10:37:51>[13]

<R-10:37:51>[13][10][13]asa-emft-oph#

<W-10:37:51>[13]

<R-10:37:51>[13][10][13]asa-emft-oph#

<W-10:37:51>sh version

<R-10:37:51>[13][10][13]asa-emft-oph#

<R-10:37:51>sh version

<W-10:37:51>[13]

<W-10:37:52>failover exec mate sh vers

<R-10:37:52>[13][10][13][10]Cisco Adaptive Security Appliance Software Version 9.1(7)23 [13][10]Device Manager Version 7.8(1)[13][10][13][10]Compiled on Thu 01-Feb-18 23:08 by builders[13][10]System image file is "disk0:/asa917-23-k8.bin"[13][10]Config file at boot was "disk0:/asa-emft-oph.cfg"[13][10][13][10]asa-emft-oph up 125 days 4 hours[13][10][13][10]Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz,[13][10]Internal ATA Compact Flash, 256MB[13][10]Slot 1: ATA Compact Flash, 512MB[13][10]BIOS Flash M50FW016 @ 0xfff00000, 2048KB[13][10][13][10]Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)[13][10]                             Boot microcode        : CN1000-MC-BOOT-2.00 [13][10]                             SSL/IKE microcode     : CNlite-MC-SSLm-PLUS-2.08[13][10]                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.09[13][10]                             Number of accelerators: 1[13][10][13][10] 0: Ext: GigabitEthernet0/0  : address is f866.f2c4.a4cc, irq 9[13][10] 1: Ext: GigabitEthernet0/1  : address is f866.f2c4.a4cd, irq 9[13][10] 2: Ext: GigabitEthernet0/2  : address is f866.f2c4.a4ce, irq 9[13][10] 3: Ext: GigabitEthernet0/3  : address is f866.f2c4.a4cf, irq 9[13][10]<--- More --->

<R-10:37:52>[13]              [13] 4: Ext: Management0/0       : address is f866.f2c4.a4cb, irq 11[13][10] 5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11[13][10] 6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5[13][10][13][10]Licensed features for this platform:[13][10]Maximum Physical Interfaces       : Unlimited      perpetual[13][10]Maximum VLANs                     : 150            perpetual[13][10]Inside Hosts                      : Unlimited      perpetual[13][10]Failover                          : Active/Active  perpetual[13][10]Encryption-DES                    : Enabled        perpetual[13][10]Encryption-3DES-AES               : Enabled        perpetual[13][10]Security Contexts                 : 2              perpetual[13][10]GTP/GPRS                          : Disabled       perpetual[13][10]AnyConnect Premium Peers          : 2              perpetual[13][10]AnyConnect Essentials             : Disabled       perpetual[13][10]Other VPN Peers                   : 750            perpetual[13][10]Total VPN Peers                   : 750            perpetual[13][10]Shared License                    : Disabled       perpetual[13][10]AnyConnect for Mobile             : Disabled       perpetual[13][10]AnyConnect for Cisco VPN Phone    : Disabled       perpetual[13][10]Advanced Endpoint Assessment      : Disabled       perpetual[13][10]UC Phone Proxy Sessions           : 2              perpetual[13][10]Total UC Proxy Sessions           : 2              perpetual[13][10]Botnet Traffic Filter             : Disabled       perpetual[13][10]<--- More --->[13]              [13]Intercompany Media Engine         : Disabled       perpetual[13][10]Cluster                           : Disabled       perpetual[13][10][13][10]This platform has an ASA 5520 VPN Plus license.[13][10][13][10]Serial Number: JMX1447L037[13][10]Running Permanent Activation Key: 0xd827ec71 0x88d7e59b 0x9c212148 0x9d108494 0x8f201181 [13][10]

<R-10:37:53>Configuration register is 0x1[13][10]Configuration last modified by admin at 13:33:40.297 CEDT Wed Jun 13 2018[13][10][13]asa-emft-oph# mate sh vers

================================================================================

WFDRetVal=0. Waiting for: "failoverexecmateshvers"

WFDBuffer="ciscoadaptivesecurityappliancesoftwareversion9.1(7)23devicemanagerversion7.8(1)compiledonthu01-feb-1823:08bybuilderssystemimagefileis"disk0:/asa917-23-k8.bin"configfileatbootwas"disk0:/asa-emft-oph.cfg"asa-emft-ophup125days4hourshardware:asa5520,2048mbram,cpupentium4celeron2000mhz,internalatacompactflash,256mbslot1:atacompactflash,512mbbiosflashm50fw016@0xfff00000,2048kbencryptionhardwaredevice:ciscoasa-55xxon-boardaccelerator(revision0x0)bootmicrocode:cn1000-mc-boot-2.00ssl/ikemicrocode:cnlite-mc-sslm-plus-2.08ipsecmicrocode:cnlite-mc-ipsecm-main-2.09numberofaccelerators:10:ext:gigabitethernet0/0:addressisf866.f2c4.a4cc,irq91:ext:gigabitethernet0/1:addressisf866.f2c4.a4cd,irq92:ext:gigabitethernet0/2:addressisf866.f2c4.a4ce,irq93:ext:gigabitethernet0/3:addressisf866.f2c4.a4cf,irq9<---more--->4:ext:management0/0:addressisf866.f2c4.a4cb,irq115:int:internal-data0/0:addressis0000.0001.0002,irq116:int:internal-control0/0:addressis0000.0001.0001,irq5licensedfeaturesforthisplatform:maximumphysicalinterfaces:unlimitedperpetualmaximumvlans:150perpetualinsidehosts:unlimitedperpetualfailover:active/activeperpetualencryption-des:enabledperpetualencryption-3des-aes:enabledperpetualsecuritycontexts:2perpetualgtp/gprs:disabledperpetualanyconnectpremiumpeers:2perpetualanyconnectessentials:disabledperpetualothervpnpeers:750perpetualtotalvpnpeers:750perpetualsharedlicense:disabledperpetualanyconnectformobile:disabledperpetualanyconnectforciscovpnphone:disabledperpetualadvancedendpointassessment:disabledperpetualucphoneproxysessions:2perpetualtotalucproxysessions:2perpetualbotnettrafficfilter:disabledperpetual<---more--->intercompanymediaengine:disabledperpetualcluster:disabledperpetualthisplatformhasanasa5520vpnpluslicense.serialnumber:jmx1447l037runningpermanentactivationkey:0xd827ec710x88d7e59b0x9c2121480x9d1084940x8f201181configurationregisteris0x1configurationlastmodifiedbyadminat13:33:40.297cedtwedjun132018asa-emft-oph#mateshvers"

================================================================================

<W-10:38:23>[13]

<R-10:38:23>[13][10]               ^[13][10]ERROR: % Invalid input detected at '^' marker.[13][10][13]asa-emft-oph#

<W-10:38:23>[13]

<R-10:38:23>[13][10][13]asa-emft-oph#

<W-10:38:23>disable

<R-10:38:24>disable

<W-10:38:24>[13]

<R-10:38:24>[13][10][13]asa-emft-oph>

<W-10:38:24>[13]

<R-10:38:24>[13][10][13]asa-emft-oph>

<W-10:38:24>exit[13]

<D 10:38:24>

<SCRIPT VALUES>

<HOSTNAME="asa-emft-oph">

<PROMPT VTY="asa-emft-oph>">

<PROMPT ENABLE="asa-emft-oph#">

<PROMPT CONFIG="asa-emft-oph(">

Device2:

<W-10:37:50>ssh -2 -l nocadmin XXXXXXXX

<R-10:37:50>ssh -2 -l nocadmin XXXXXXXXXX

<W-10:37:50>[13]

<R-10:37:50>[13][10]

<R-10:37:50>Unauthorized access prohibited[13][10]nocadmin@192.44.23.130's password:

<W-10:37:50>XXXXXXXXXXXXXX[13]

<R-10:37:50>[13][10]

<R-10:37:51>User nocadmin logged in to asa-iml[13][10]Logins over the last 127 days: 521.  Last login: 10:13:13 CEDT Jun 14 2018 from 153.96.2.16[13][10]Failed logins since the last login: 0.  [13][10]Type help or '?' for a list of available commands.[13][10][13]asa-iml#

<W-10:37:51>[13]

<W-10:37:51>[13]

<R-10:37:51>[13][10][13]asa-iml#

<W-10:37:51>[13]

<R-10:37:51>[13][10][13]asa-iml#

<W-10:37:51>sh version

<R-10:37:51>[13][10][13]asa-iml#

<R-10:37:51>sh version

<W-10:37:51>[13]

<W-10:37:51>failover exec mate sh vers

<R-10:37:51>[13][10][13][10]Cisco Adaptive Security Appliance Software Version 9.8(2)20 [13][10]Firepower Extensible Operating System Version 2.2(2.63)[13][10]Device Manager Version 7.8(1)[13][10][13][10]Compiled on Fri 02-Feb-18 06:18 PST by builders[13][10]System image file is "disk0:/asa982-20-smp-k8.bin"[13][10]Config file at boot was "disk0:/asa-iml.cfg"[13][10][13][10]asa-iml up 126 days 19 hours[13][10]failover cluster up 302 days 16 hours[13][10][13][10]Hardware:   ASA5545, 12288 MB RAM, CPU Lynnfield 2660 MHz, 1 CPU (8 cores)[13][10]            ASA: 6466 MB RAM, 1 CPU (1 core)[13][10]Internal ATA Compact Flash, 8192MB[13][10]BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB[13][10][13][10]Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)[13][10]                             Boot microcode        : CNPx-MC-BOOT-2.00[13][10]                             SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005[13][10]                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026[13][10]                             Number of accelerators: 1[13][10]Baseboard Management Controller (revision 0x1) Firmware Version: 2.4[13][10][13][10][13][10]<--- More --->

<R-10:37:51>[13]              [13] 0: Int: Internal-Data0/0    : address is 0027.e3e4.0220, irq 11[13][10] 1: Ext: GigabitEthernet0/0  : address is 0027.e3e4.0225, irq 5[13][10] 2: Ext: GigabitEthernet0/1  : address is 0027.e3e4.0221, irq 5[13][10] 3: Ext: GigabitEthernet0/2  : address is 0027.e3e4.0226, irq 10[13][10] 4: Ext: GigabitEthernet0/3  : address is 0027.e3e4.0222, irq 10[13][10] 5: Ext: GigabitEthernet0/4  : address is 0027.e3e4.0227, irq 5[13][10] 6: Ext: GigabitEthernet0/5  : address is 0027.e3e4.0223, irq 5[13][10] 7: Ext: GigabitEthernet0/6  : address is 0027.e3e4.0228, irq 10[13][10] 8: Ext: GigabitEthernet0/7  : address is 0027.e3e4.0224, irq 10[13][10] 9: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0[13][10]10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0[13][10]11: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0[13][10]12: Ext: Management0/0       : address is 0027.e3e4.0220, irq 0[13][10]13: Int: Internal-Data0/3    : address is 0000.0100.0001, irq 0[13][10][13][10]Licensed features for this platform:[13][10]Maximum Physical Interfaces       : Unlimited      perpetual[13][10]Maximum VLANs                     : 300            perpetual[13][10]Inside Hosts                      : Unlimited      perpetual[13][10]Failover                          : Active/Active  perpetual[13][10]Encryption-DES                    : Enabled        perpetual[13][10]Encryption-3DES-AES               : Enabled        perpetual[13][10]Security Contexts                 : 2              perpetual[13][10]Carrier                           : Disabled       perpetual[13][10]<--- More --->[13]              [13]AnyConnect Premium Peers          : 2500           perpetual[13][10]AnyConnect Essentials             : Disabled       perpetual[13][10]Other VPN Peers                   : 2500           perpetual[13][10]Total VPN Peers                   : 2500           perpetual[13][10]AnyConnect for Mobile             : Enabled        perpetual[13][10]AnyConnect for Cisco VPN Phone    : Enabled        perpetual[13][10]Advanced Endpoint Assessment      : Enabled        perpetual[13][10]Shared License                    : Disabled       perpetual[13][10]Total TLS Proxy Sessions          : 2              perpetual[13][10]Botnet Traffic Filter             : Disabled       perpetual[13][10]IPS Module                        : Disabled       perpetual[13][10]Cluster                           : Enabled        perpetual[13][10]Cluster Members                   : 2              perpetual[13][10][13][10]This platform has an ASA5545 VPN Premium license.[13][10][13][10][13][10]Failover cluster licensed features for this platform:[13][10]Maximum Physical Interfaces       : Unlimited      perpetual[13][10]Maximum VLANs                     : 300            perpetual[13][10]Inside Hosts                      : Unlimited      perpetual[13][10]Failover                          : Active/Active  perpetual[13][10]Encryption-DES                    : Enabled        perpetual[13][10]Encryption-3DES-AES               : Enabled        perpetual[13][10]<--- More --->

<R-10:37:51>[13]              [13]Security Contexts                 : 4              perpetual[13][10]Carrier                           : Disabled       perpetual[13][10]AnyConnect Premium Peers          : 2500           perpetual[13][10]AnyConnect Essentials             : Disabled       perpetual[13][10]Other VPN Peers                   : 2500           perpetual[13][10]Total VPN Peers                   : 2500           perpetual[13][10]AnyConnect for Mobile             : Enabled        perpetual[13][10]AnyConnect for Cisco VPN Phone    : Enabled        perpetual[13][10]Advanced Endpoint Assessment      : Enabled        perpetual[13][10]Shared License                    : Disabled       perpetual[13][10]Total TLS Proxy Sessions          : 4              perpetual[13][10]Botnet Traffic Filter             : Disabled       perpetual[13][10]IPS Module                        : Disabled       perpetual[13][10]Cluster                           : Enabled        perpetual[13][10][13][10]This platform has an ASA5545 VPN Premium license.[13][10][13][10]Serial Number: FCH21147VP5[13][10]Running Permanent Activation Key: 0x752ec867 0x24c86c51 0x11727950 0xda9cf0d8 0xc01cf2bc [13][10]

<R-10:37:52>Configuration register is 0x1[13][10][13][10]Image type          : Release[13][10]Key version         : A[13][10][13][10]<--- More --->[13]              [13]Configuration last modified by root at 09:56:02.322 CEDT Wed Jun 13 2018[13][10][13]asa-iml# vers

================================================================================

WFDRetVal=0. Waiting for: "failoverexecmateshvers"

WFDBuffer="ciscoadaptivesecurityappliancesoftwareversion9.8(2)20firepowerextensibleoperatingsystemversion2.2(2.63)devicemanagerversion7.8(1)compiledonfri02-feb-1806:18pstbybuilderssystemimagefileis"disk0:/asa982-20-smp-k8.bin"configfileatbootwas"disk0:/asa-iml.cfg"asa-imlup126days19hoursfailoverclusterup302days16hourshardware:asa5545,12288mbram,cpulynnfield2660mhz,1cpu(8cores)asa:6466mbram,1cpu(1core)internalatacompactflash,8192mbbiosflashmx25l6445e@0xffbb0000,8192kbencryptionhardwaredevice:ciscoasacryptoon-boardaccelerator(revision0x1)bootmicrocode:cnpx-mc-boot-2.00ssl/ikemicrocode:cnpx-mc-ssl-sb-plus-0005ipsecmicrocode:cnpx-mc-ipsec-main-0026numberofaccelerators:1baseboardmanagementcontroller(revision0x1)firmwareversion:2.4<---more--->0:int:internal-data0/0:addressis0027.e3e4.0220,irq111:ext:gigabitethernet0/0:addressis0027.e3e4.0225,irq52:ext:gigabitethernet0/1:addressis0027.e3e4.0221,irq53:ext:gigabitethernet0/2:addressis0027.e3e4.0226,irq104:ext:gigabitethernet0/3:addressis0027.e3e4.0222,irq105:ext:gigabitethernet0/4:addressis0027.e3e4.0227,irq56:ext:gigabitethernet0/5:addressis0027.e3e4.0223,irq57:ext:gigabitethernet0/6:addressis0027.e3e4.0228,irq108:ext:gigabitethernet0/7:addressis0027.e3e4.0224,irq109:int:internal-data0/1:addressis0000.0001.0002,irq010:int:internal-control0/0:addressis0000.0001.0001,irq011:int:internal-data0/2:addressis0000.0001.0003,irq012:ext:management0/0:addressis0027.e3e4.0220,irq013:int:internal-data0/3:addressis0000.0100.0001,irq0licensedfeaturesforthisplatform:maximumphysicalinterfaces:unlimitedperpetualmaximumvlans:300perpetualinsidehosts:unlimitedperpetualfailover:active/activeperpetualencryption-des:enabledperpetualencryption-3des-aes:enabledperpetualsecuritycontexts:2perpetualcarrier:disabledperpetual<---more--->anyconnectpremiumpeers:2500perpetualanyconnectessentials:disabledperpetualothervpnpeers:2500perpetualtotalvpnpeers:2500perpetualanyconnectformobile:enabledperpetualanyconnectforciscovpnphone:enabledperpetualadvancedendpointassessment:enabledperpetualsharedlicense:disabledperpetualtotaltlsproxysessions:2perpetualbotnettrafficfilter:disabledperpetualipsmodule:disabledperpetualcluster:enabledperpetualclustermembers:2perpetualthisplatformhasanasa5545vpnpremiumlicense.failoverclusterlicensedfeaturesforthisplatform:maximumphysicalinterfaces:unlimitedperpetualmaximumvlans:300perpetualinsidehosts:unlimitedperpetualfailover:active/activeperpetualencryption-des:enabledperpetualencryption-3des-aes:enabledperpetual<---more--->securitycontexts:4perpetualcarrier:disabledperpetualanyconnectpremiumpeers:2500perpetualanyconnectessentials:disabledperpetualothervpnpeers:2500perpetualtotalvpnpeers:2500perpetualanyconnectformobile:enabledperpetualanyconnectforciscovpnphone:enabledperpetualadvancedendpointassessment:enabledperpetualsharedlicense:disabledperpetualtotaltlsproxysessions:4perpetualbotnettrafficfilter:disabledperpetualipsmodule:disabledperpetualcluster:enabledperpetualthisplatformhasanasa5545vpnpremiumlicense.serialnumber:fch21147vp5runningpermanentactivationkey:0x752ec8670x24c86c510x117279500xda9cf0d80xc01cf2bcconfigurationregisteris0x1imagetype:releasekeyversion:a<---more--->configurationlastmodifiedbyrootat09:56:02.322cedtwedjun132018asa-iml#vers"

================================================================================

<W-10:38:22>[13]

<R-10:38:22>[13][10]            ^[13][10]ERROR: % Invalid input detected at '^' marker.[13][10][13]asa-iml#

<W-10:38:22>[13]

<R-10:38:22>[13][10][13]asa-iml#

<W-10:38:22>disable

<R-10:38:22>disable

<W-10:38:22>[13]

<R-10:38:22>[13][10][13]asa-iml>

<W-10:38:22>[13]

<R-10:38:22>[13][10][13]asa-iml>

<W-10:38:23>exit[13]

<D 10:38:23>

<SCRIPT VALUES>

<HOSTNAME="asa-iml">

<PROMPT VTY="asa-iml>">

<PROMPT ENABLE="asa-iml#">

<PROMPT CONFIG="asa-iml(">

The Devices are accessed with a jumphost based on linux which never made any problems before, and does not interfere with alle the other ASAs where its working, so i guess this isnt the problem.

Any suggestions?

Hi,

I found that SNMP RO/RW is shown in device information,

but I wanna know if I blank the AAA & SSH username, just fill in the SNMP RW, can I make activities work?

P.S. snmp-server community xxx RO is configured on Cisco swithchs & Routers.

Thanks!!!

Dear community,

I am currently trying to configure Kiwi Cattools v3.9.1 (no Solarwinds support any more) to back up our Cisco devices' running config. The backup from some devices work without problem, from some other devices Kiwi cannot back up the config (routers and switches).

The network settings (routing, firewall rules etc) are correct because we use an additional type of activity (Device.CLI.Send.commands) with the affected devices which works properly.

When running a Device.Backup.Runinng.Config activity against the devices, two things happen:

- The activity finishes with the following error for all the specified devices and the config is not backed up at all:

     "Unable to log to Debug file. Error: Bad file name or number"

- The activity finishes without error, Kiwi confirms the backup with "Backup Running Config results: OK" for all specified devices, I see in the mail queue that the e-mail has been queued and contains an attachment (HTML report about the activity's result) but not all the configs have been backed up locally into the specified folder (C:/Shares) and the e-mail does not list all the devices as backed up. After enabling debug mode, I can see that Kiwi logs in to all the devices, backs up the configs and disconnects from the devices successfully, so it seems that the activity has been finished successfully but the config files from some of the devices are missing at the end.

At this point, I received the following error message for these devices:

     "Log to file error: Bad file name or numberC:\Program Files(x86)\CatTools3\ClientTemp\RunningConfig.[device_name].temp.txt"                         note: device_name is hidden in the message

The missing files are from the same devices until I change the name of the problematic devices in Kiwi. When that happens, Kiwi does not drop the previous error message any more for the device but does not bac kup the config at all.

I tried to change the hostname on one problematic device as well but it did not help -> no backed up config.

The Kiwi service has also been restarted, it did not help.

By now I could not find any solution on the web nor any reference to any Cattools bug.

Do you have any idea? Maybe some bug in v3.9.1? Do you know any solution?

Thank you for the help in advance.

Hi!

Is there a chance that CatTools could retrieve the config.ini of a APC SmartUPS AP9617/AP9630 Network Management Card using FTP? It would be great if someone of the development team could have a look at it.

Here's a "capture" of a FTP session:

ftp> open 10.0.0.1
Connected to 10.0.0.1.
220 AP9617 Network Management Card AOS v3.7.3 FTP server ready.
User (10.0.0.1:(none)): admin
331 User name okay, need password.
Password:
230 User logged in, proceed.
ftp> bin
200 TYPE Command okay.
ftp> hash
Hash mark printing On  ftp: (2048 bytes/hash mark) .
ftp> get config.ini
200 PORT Command okay.
150 File status okay; about to open data connection.
#######################226 Closing data connection.
ftp: 47311 bytes received in 15,25Seconds 3,10Kbytes/sec.
ftp> close
221 Thank you for using APC products!
ftp> quit

Regards, Leonardo

I am unable to backup our config file using CatTools 3.4. I have attached the debug file.

The details when watching the info log says: VTY password prompt returned, sending password again. then eventually it says: Did not receive expected response to VTY password. I can telnet to it fine. I don't know what I am missing here.

I'm trying to pull several files off a Cisco ASA 5500, it seems for smaller files I don't have an issue but for larger files I hit a very odd issue.

Basic format in the Options screen for the "Device.CLI.Send commands" activity:

copy flash: tftp:

dap.xml

192.168.123.4

%ctGroupName/%ctDeviceName/dap.xml

copy flash: tftp:

asa917-12-k8.bin

192.168.123.4

%ctGroupName/%ctDeviceName/asa917-12-k8.bin

Here's the odd bit.  The activity will error out because it "Did not receive echo of asa917-12-k8.bin" however once it errors out, the file is actually transferred and completes.

Debug output:

<W-3:16:00 PM>copy flash: tftp:

<R-3:16:01 PM>[13][10][13]ciscoasa5550# copy flash: tftp:

<W-3:16:01 PM>[13]

<W-3:16:01 PM>asa917-12-k8.bin

<R-3:16:01 PM>[13][10][13][13][10]Source filename []? asa917-12-k8.bin

<W-3:16:01 PM>[13]

<W-3:16:01 PM>192.168.123.4

<R-3:16:01 PM>[13][10][13][13][10]Address or name of remote host []? 192.168.123.4

<W-3:16:01 PM>[13]

<W-3:16:01 PM>firewall/nydc-asa5550/asa917-12-k8.bin

<R-3:16:01 PM>[13][10][13][13][10]Destination filename [asa917-12-k8.bin]? firewall/nydc-asa5550/asa917-12-k8.bi[08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08]$-12-k8.bin                          [08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08][08]

================================================================================

WFDRetVal=0. Waiting for: "firewall/nydc-asa5550/asa917-12-k8.bin"

WFDBuffer="destinationfilename[asa917-12-k8.bin]?firewall/nydc-asa5550/asa917-12-k8.bi$-12-k8.bin"

================================================================================

<W-3:18:02 PM>[13]

<R-3:18:02 PM>[08][08][08][08][08][08][08][08][08][08][08]firewall/nydc-asa5550/asa917-12-k8.b$[08][08][08][08][13][10]

<R-3:18:02 PM>[13][10]

<R-3:18:04 PM>Writing file tftp://192.168.123.4/firewall/nydc-asa5550/asa917-12-k8.bin...[13][10]

<R-3:18:04 PM>!!!!

<R-3:18:04 PM>!!

~~~SNIP~~~

<R-3:19:24 PM>!!!!!!!!

<R-3:19:24 PM>!!!!!!!!

<R-3:19:24 PM>!!

<R-3:19:24 PM>!!!![13][10]27703296 bytes copied in 82.

<R-3:19:24 PM>160 secs (337845 by

<R-3:19:24 PM>tes/sec

<R-3:19:24 PM>)

<R-3:19:25 PM>[13][10][13]ciscoasa5550#

<W-3:19:25 PM>[13]

<R-3:19:25 PM>[13][10][13]ciscoasa5550#

<W-3:19:25 PM>disable

<R-3:19:26 PM>disable

<W-3:19:26 PM>[13]

<R-3:19:26 PM>[13][10][13]ciscoasa5550>

<W-3:19:26 PM>[13]

<R-3:19:26 PM>[13][10][13]ciscoasa5550>

<W-3:19:26 PM>exit[13]

<D 3:19:26 PM>

<SCRIPT VALUES>

<HOSTNAME="ciscoasa5550">

<PROMPT VTY="ciscoasa5550>">

<PROMPT ENABLE="ciscoasa5550#">

<PROMPT CONFIG="ciscoasa5550(">

I've tried adjusting the timeout, all that does is put in a delay before the file is actuall transferred.

Any ideas (besides creating a backup activity for each file)?

Thanks!

--Sam

We have been using Cat Tools to backup and monitor our Network gear configurations for changes.  On 9/20 we started having an issue with our DR Firewall connections.  Nothing has changed that we are aware of however now Cat Tools is failing with the Error description saying Failed to enter enable mode.  We have received this error randomly but usually only on one device and it clears up the next day when it runs again.  It is now happening daily on all 10 of our DR ASA's.  These are all Cisco 5505's. 

I have set the retry to 4 times and it seems that different ones, not always the same or not all of them, are able to eventually get into the enable mode and get a backup.

Here is what a good connection looks like in Cat Tools Info log:

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Login to MtHome_ASA was successful

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA DeviceHostnameID: MTHOMEASA

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode - sending command enable

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode - sending password:

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Waiting for enter enable password prompt

2017-09-27 11:26:36  4-Debug         1          MtHome_ASA Sending enable password

2017-09-27 11:26:36  4-Debug          1         MtHome_ASA Entered enable mode OK

And here is what a not good connection looks like:

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Login Cisco ASA: MtHome_ASA

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA --> LoginSSH

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Waiting for command prompt

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Login to MtHome_ASA was successful

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA DeviceHostnameID: MTHOMEASA

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Entering enable mode

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Entering enable mode - sending command enable

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Waiting for enter enable password prompt

2017-09-28 09:01:54   1-Error           1          MtHome_ASA Failed to enter enable mode.

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Aborting : Unable to enter enable mode

It’s like it doesn’t send the enable password at all.

Hi forum users,

I was playing with the demo version and it came to my attention that Cattools only lists the 2600 series of HP switches. We also use the 5400 and 8200 series. It seems to work also.

I am writing this because of a small problem I cannot trace. I have no problem logging on to my HP 2610 switch. Also when in "enabled" mode I can run all switch commands. The problem is when I want to go into "config" mode on the switch strange things happen.

As a test I did the following:
In the CLI option box I scripted the following HP commands:

config
no vlan 60
vlan 60
name nuwerkthet
exit
wr mem
exit
exit
exit
y

This script go's into config mode and deletes vlan 60. After that it constructs vlan 60 with the name "nuwerkthet". Then an exit and a WRite MEMory command. Than I exit the switch and logout.

When looking at the Info log I keep receiving the message "Did not receive expected response to XXXXXXXXXX. It also takes the script very long to finish. (about 5 min.).

The script does not end (logout) and wants to start again. I then abort it by hand.

When looking at log text I see the commands stated before my prompt name. Is this normal? I would think it should come after the prompt. (see log file below).

configFERRY_werkplek(config)#
vlan 60FERRY_werkplek(vlan-60)#
name testvlanFERRY_werkplek(vlan-60)#
exitFERRY_werkplek(config)#
wr memFERRY_werkplek(config)#
exit
exitFERRY_werkplek>
exitDo you want to log out [y/n]? y

I am receiving the following message from a newly installed Riverbed Router.  Any ideas?

2013-10-05 23:15:17 2-Warning 6 Riverbed-Router Failed to connect to Riverbed-Router. Reason: (30044) No available encryption algorithms match with the server.. Will try again.

when using kiwi to add config i get error failed to receive config prompt after entering command: crypto key generate rsa

obviously the switch is waiting for an input. ive tried adding the input on the next line but it doesnt seem to work.

how do i enter the command using kiwi

Hi All ,

I am not able to take the backup of Fortigate  which has configured on VDOM environment .

Some Fortigate's I am able to take but Vdom configuration's are missing from the Backup .

Did any one faced this issues and what was the solutions you found on Kiwi Cat tools

Please help thanks in advance

Regards

Vineeth

Having trouble backing up Fortigate 60D.

Have tried to follow steps here:

Fortinet Knowledge Base - View Document

But to no avail. Am I supposed to use this with variations? I have found that the show is not the same as show full-configurations.

Can someone direct me in how to properly back these up?