F5 FP1000 config backups in Cirrus

Question

I have found a procedure for backing up and restoring configs in the Firepass 1000 SSL VPN equipment.  I was wondering.....If I run a serial cable to my Cirrus Config manager host....can I pull the config over the serial line instead of by IP?

SOL3244: Backing up and restoring FirePass system software

Updated: 7/17/07 12:00 AM

Beginning in FirePass version 5.0, you can use the snapshot feature to create an image of the current system software and configuration. You can use this snapshot image, stored on the FirePass hard disk, to restore the system to a previous version or configuration.

Note: The snapshot feature is available only on FirePass systems that are shipped with version 5.0 or later. You cannot use the snapshot feature on FirePass systems that you have upgraded from versions 3.x or 4.x. If you attempt to use the snapshot feature on a system that was not shipped with version 5.0 or later, you will receive the following error message:

This functionality is not supported on this FirePass.

Creating a snapshot

To create a snapshot, perform the following steps:

* Connect a serial terminal to the FirePass controller, using a null-modem cable. Note: Refer to the FirePass Getting Started Guide for serial port settings for your hardware platform.

* Start a serial terminal session. A login prompt appears.

* Log in with the username maintenance. Note: A password is not required, by default.

A screen of conditions of use appears.

* Press the Enter key or type y to agree to the conditions. A screen of options appears.

* Select the Create/restore FirePass snapshot option, and press the Enter key.
* When prompted to restart the FirePass controller in recovery mode, press the Enter key or type y to restart. The system will reboot.

After reboot, you should see the following banner on the serial terminal:

Welcome to the FirePass Snapshot Create/Restore Utility.
Please login as 'maintenance'.
firepass login:

* Log in with the username maintenance. A screen of options appears.

* Select the Create FirePass snapshot option and press the Enter key. A status screen is displayed while the snapshot is created.

* When the snapshot creation is complete, select the Exit and Reboot FirePass in normal mode option and press the Enter key. FirePass will reboot into normal operating (non-maintenance) mode.

Restoring a snapshot

To restore a snapshot, perform the following steps:

* Connect a serial terminal to the FirePass controller. Note: Refer to the FirePass Getting Started Guide for serial port settings for your hardware platform.

* Start a serial terminal session. A login prompt appears.

* Log in with the username maintenance. Note: A password is not required, by default.

A screen of conditions of use appears.

* Press the Enter key or the y key to agree to the conditions, or the n key if you do not agree to the conditions. A screen of conditions appears.

* Select the Create/restore FirePass snapshot option, and press the Enter key. Note: In FirePass version 6.0 and later, a confirmation screen will appear.

* When prompted to restart the FirePass controller in recovery mode, type the Enter key or type y to restart The system will reboot. After reboot, you should see the following banner on the serial terminal:

Welcome to the FirePass Snapshot Create/Restore Utility.
Please login as 'maintenance'.
firepass login:

* Log in with the username maintenance. A screen of options appears.

* Press the Enter key or the y key to agree to the conditions.

A screen of options appears.

* Select one of the following options: * Revert FirePass to last working configuration snapshot This option restores FirePass using the last snapshot you created.

* Revert FirePass to factory default snapshot This option restores FirePass using a snapshot of the base operating system at the time the unit was shipped. This snapshot does not contain your configuration.

A status screen is displayed while the snapshot is restored.

* When the snapshot restoration is complete, select the Exit and Reboot FirePass in normal mode option. FirePass will reboot into normal operating (non-maintenance) mode.

chris.lapoint · Answer

Yes, that should work.  Here are the instructions:

Adding Nodes Connected through a Serial Terminal ServerWhen adding devices connected through a serial terminal server, you need to specify certain information that is specific to the terminal server device and other information that is specific to the device attached to the terminal server to which you want to connect. Complete the following procedure, paying close attention to the credential sections. To add a device connected through a serial terminal server:1. Click Nodes > Add New Node.2. Type the IP address of the node assigned through the terminal server. For example, the Cisco terminal server device used in the SolarWinds lab, a Cisco 2500 Access Server, uses ports appended to the end of the loopback IP address to specify different devices. In this case, type 10.10.29.1 2001. Some devices allow you to specify unique IP addresses, in which case, specify the assigned IP address in this field.3. Ignore the community string information, as it does not apply when connecting through a terminal server device.4. Select the device template for the connected device, not for the terminal server device.5. If you want to add the node to a group, type or select a node group from the list. If you do not select a group, your new node is grouped in the Unknown group.6. Specify the login credentials, enable level, and enable password for the target device. Again, do not specify the password for the terminal server device.7. Select Yes in the Terminal Server Support field.8. Click OK. When the Add Device dialog states that the IP address does not respond to SNMP queries, click Yes.

tbaggins · Answer

Hmmm,  Is there some device I can attach a serial connection to that will then use Telnet to communicate back to Cirrus?  Say a 4 port serial box with IP connectivity using Telnet or SSH?

chris.lapoint · Answer

This would require communication with the device via the serial port.  Currently, we support SSH, Telnet, TFTP, and SNMP/TFTP (for Cisco devices).