NCM Upload Config Issue with Palo Alto and Fortinet Devices

We are using the latest Orion 2024.1.1. In NCM we can download Configs fine but when we upload that same Config it does not accept it. SW Dev says it does not accept .config file format. How come it does not accept the .config format when it is the same backup Config that we downloaded in NCM? They said it only accepts .xml file format. SW Dev said it is a Product Limitation and that they need to create a Feature for this.

Here are the devices we are using:

Palo Alto - PA - 3220
Version 10.2.8-h3


Fortinet ADC
V7.2.6


Fortigate
V70.11


Forti WAF
V 7.2.9 1000E

Any of you guys facing the same issue?

Parents
  • Even if they had a conversion tool to convert the .config to xml format would be useful.

  • You have to keep in mind that NCM was written originally for the Cisco world where you could do a show run and copy the whole text output and then inject that plain text right back into a device as a config.  Palo and Fortigate and several other vendors don't work that way.  The version of the config you get from show commands is not the same format as what they want in a config upload.    

    I can say from historical experience with SWI they are very unlikely to build a conversion tool.  They tend to shy away from taking on any custom development obligations to keep things like that reliably working across vendors and versions.  The take the data our hardware produces and they store it or display it, as-is, that way there is no room to say something somehow got screwed up by SW.  The burden and liability of anything happening remains entirely on the vendors of the hardware.  it's the only sane approach when building multi vendor platforms like this.

    A more realistic solution is that NCM does have a way to download and upload files via SCP, which is what we would need to do for PA and Fortigate.  For whatever reason the OOTB templates on those devices don't currently connect via SCP but members of the community could build a custom template to do so if we wanted.  I don't have that level of access to either brand right now or I could crank the modified template out in about as long as it took me to write this response.

    https://documentation.solarwinds.com/en/success_center/ncm/content/ncm-create-device-template.htm

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfCCAS

    https://docs.rackspace.com/docs/back-up-the-fortinet-fortigate-vm

    Just need to create a modified version of the templates that uses the scp commands for upload and downloads, it would look roughly similar to the F5 template.

Reply
  • You have to keep in mind that NCM was written originally for the Cisco world where you could do a show run and copy the whole text output and then inject that plain text right back into a device as a config.  Palo and Fortigate and several other vendors don't work that way.  The version of the config you get from show commands is not the same format as what they want in a config upload.    

    I can say from historical experience with SWI they are very unlikely to build a conversion tool.  They tend to shy away from taking on any custom development obligations to keep things like that reliably working across vendors and versions.  The take the data our hardware produces and they store it or display it, as-is, that way there is no room to say something somehow got screwed up by SW.  The burden and liability of anything happening remains entirely on the vendors of the hardware.  it's the only sane approach when building multi vendor platforms like this.

    A more realistic solution is that NCM does have a way to download and upload files via SCP, which is what we would need to do for PA and Fortigate.  For whatever reason the OOTB templates on those devices don't currently connect via SCP but members of the community could build a custom template to do so if we wanted.  I don't have that level of access to either brand right now or I could crank the modified template out in about as long as it took me to write this response.

    https://documentation.solarwinds.com/en/success_center/ncm/content/ncm-create-device-template.htm

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfCCAS

    https://docs.rackspace.com/docs/back-up-the-fortinet-fortigate-vm

    Just need to create a modified version of the templates that uses the scp commands for upload and downloads, it would look roughly similar to the F5 template.

Children