7 Replies Latest reply on Jun 8, 2018 7:03 PM by mwtimken

    Cisco FTD - Simple script to download configuration

    kksiazek

      Just trying to write a simple automated script that will download the running-config from a Cisco FTD Firewall. 

       

      The process is :

       

      ssh to device

      login with username/password

      type command : system support diagnostic

      type command : show run

        • Re: Cisco FTD - Simple script to download configuration
          scubabubbles

          Did you get it to work? I'm running into the same problem and support does not seem to be able to assist me.

          • Re: Cisco FTD - Simple script to download configuration
            KMSigma

            Does this not work via NCM?  (Sorry, I don't have firsthand experience with the FTD devices)

            • Re: Cisco FTD - Simple script to download configuration
              bmallon

              Will your FTD let you do just a 'show run'? On mine it does not recognize that command. I have to do the full 'show running-config'.

               

              I'm having the same issue trying to get my configs backed up.

               

              I created a specific connection profile for the FTDs and I can get connected. My problem is that SolarWinds is initially sending a 'terminal width 0' command, which the FTD can't understand.

              Anyone know how to tell NCM to not send that command when it initially connects to an FTD?

              • Re: Cisco FTD - Simple script to download configuration
                bmallon

                Ok, I've got it figured out.

                 

                If you go into your 'Device Templates Management' you can copy one of the Cisco templates that exists.

                 

                In there you can remove the first line under commands that tries to do a 'terminal width 0'.

                 

                You will also need to edit the lines that define the command names for 'startup' and 'running'. Just edit them to read as Value="startup-config" and Value="running-config".

                 

                Lastly, you will need to remove the line toward the bottom where it defines the write memory. Apparently this is not supported in the CLI and is handled by the FMC.

                 

                Here's my config I'm using for my nightly backup on my configs. It has been tested and works for me.

                 

                <!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by () -->

                <!--SolarWinds Network Management Tools-->

                <!--Copyright 2005 SolarWinds.Net All rights reserved-->

                <Configuration-Management Device="Cisco Devices" SystemOID=" 1.3.6.1.4.1.9">

                    <Commands>

                        <Command Name="Reboot" Value="reload${CRLF}y${CRLF}y"/>

                        <Command Name="EnterConfigMode" Value="config terminal"/>   <!-- Not sure this works -->

                        <Command Name="ExitConfigMode" Value="end"/>

                        <Command Name="Startup" Value="startup-config"/>

                        <Command Name="Running" Value="running-config"/>

                        <Command Name="DownloadConfig" Value="Show ${ConfigType}"/>

                        <Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}"/>

                        <Command Name="DownloadConfigIndirect" Value="copy ${ConfigType} ${TransferProtocol}://${StorageAddress}/${StorageFilename}${CRLF}${CRLF}${CRLF}"/>

                        <Command Name="UploadConfigIndirect" Value="copy ${TransferProtocol}://${StorageAddress}/${StorageFilename}  ${ConfigType}${CRLF}${CRLF}"/>

                        <Command Name="DownloadConfigIndirectSCP" Value="copy ${ConfigType} ${TransferProtocol}://${SCPServerUserName}@${SCPStorageAddress}/${StorageFilename}${CRLF}${CRLF}${CRLF}${CRLF}${SCPServerPassword}"/>

                        <Command Name="UploadConfigIndirectSCP" Value="copy ${TransferProtocol}://${SCPServerUserName}@${SCPStorageAddress}/${StorageFilename}  ${ConfigType}${CRLF}${CRLF}${SCPServerPassword}"/>

                        <Command Name="EraseConfig" Value="write erase${CRLF}Y"/>

                        <Command Name="Version" Value="show version"/>

                        <Command Name="Disconnect" Value="exit"/>

                    </Commands>

                </Configuration-Management>

                 

                Hope this helps.
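A check for the three template edits described in the post above, as an added example that is not part of the original post and is not SolarWinds code. The `STOCK` sample is constructed, and its command names `RESET` and `SaveConfig` and its `startup`/`running` values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def lint_ftd_template(xml_text):
    """Return the problems that would break a CLI config backup of an FTD."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    cmds = {c.get("Name"): c.get("Value", "") for c in root.iter("Command")}
    problems = []
    for name, value in cmds.items():
        low = value.lower()
        if "terminal width" in low:   # edit 1: the FTD does not understand this
            problems.append(f"{name}: sends 'terminal width', which the FTD rejects")
        if "write memory" in low:     # edit 3: saving is handled by the FMC
            problems.append(f"{name}: 'write memory' is not supported in the CLI")
    # edit 2: 'Show ${ConfigType}' must expand to the full command names
    for name, want in (("Startup", "startup-config"), ("Running", "running-config")):
        if cmds.get(name) != want:
            problems.append(f"{name}: expected Value={want!r}, found {cmds.get(name)!r}")
    if "${ConfigType}" not in cmds.get("DownloadConfig", ""):
        problems.append("DownloadConfig: must expand ${ConfigType}")
    return problems

# Constructed sample: a stock-style template before the edits (names assumed).
STOCK = """<Configuration-Management Device="Cisco Devices">
  <Commands>
    <Command Name="RESET" Value="terminal width 0"/>
    <Command Name="Startup" Value="startup"/>
    <Command Name="Running" Value="running"/>
    <Command Name="DownloadConfig" Value="Show ${ConfigType}"/>
    <Command Name="SaveConfig" Value="write memory"/>
  </Commands>
</Configuration-Management>"""

# The same template after the three edits from the post.
EDITED = (STOCK
          .replace('    <Command Name="RESET" Value="terminal width 0"/>\n', "")
          .replace('Value="startup"', 'Value="startup-config"')
          .replace('Value="running"', 'Value="running-config"')
          .replace('    <Command Name="SaveConfig" Value="write memory"/>\n', ""))

if __name__ == "__main__":
    for label, text in (("stock", STOCK), ("edited", EDITED)):
        print(label, lint_ftd_template(text) or "ok")
```

An inline annotation that is not an XML comment also makes the template unparseable, which the linter reports as its first problem.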

                • Re: Cisco FTD - Simple script to download configuration
                  mwtimken

                  This is the process that works to access an ASA5525x running FTD code (6.2.3):

                   

                  ssh to device (on management port)

                  login with username/password

                  type command : system support diagnostic

                  type command : enable

                  type command : show run

                  type command : ctrl+a then d

                  type command : exit

                   

                  I have not scriptified (tech jargon), since NCM cannot manage firewalls running FTD code (yet). We are using the Firepower Management Console for these new devices.

                   

                  Note: the SSH console is read only and is for diagnostics.
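The steps listed in this thread, driven over an interactive shell channel, as an added example that is not code from any poster. It assumes prompts ending in `>` and `#`, an optional `Password:` prompt after `enable`, and unpaged output; none of these are stated in the thread, and `chan` is any object with `send`/`recv`.

```python
import re

DETACH = b"\x01d"   # "ctrl+a then d": Ctrl+A is byte 0x01, followed by a literal d
# Assumed prompt shapes (not given in the thread); adjust to the device.
USER = rb"(?:\A|[\r\n])\S*> ?\Z"
PRIV = rb"(?:\A|[\r\n])\S*# ?\Z"
PASSWORD = rb"[Pp]assword: ?\Z"

def expect(chan, pattern, max_bytes=8 << 20):
    """Read from the channel until the buffered output ends with `pattern`."""
    buf = b""
    while not re.search(pattern, buf):
        chunk = chan.recv(4096)
        if not chunk:
            raise ConnectionError("session closed while waiting for a prompt")
        buf += chunk
        if len(buf) > max_bytes:
            raise RuntimeError("no prompt seen; refusing to buffer more output")
    return buf

def fetch_running_config(chan, enable_password=""):
    """Replay the posted steps and return the text printed by 'show run'."""
    expect(chan, USER)                        # login banner, then first prompt
    chan.send(b"system support diagnostic\n")
    expect(chan, USER)
    chan.send(b"enable\n")
    # Assumption: the device may ask for an enable password at this point.
    if re.search(PASSWORD, expect(chan, PASSWORD + b"|" + PRIV)):
        chan.send(enable_password.encode() + b"\n")
        expect(chan, PRIV)
    chan.send(b"show run\n")
    raw = expect(chan, PRIV)
    chan.send(DETACH)                         # leave the diagnostic CLI
    expect(chan, USER)
    chan.send(b"exit\n")
    lines = raw.decode("utf-8", "replace").replace("\r", "").split("\n")
    return "\n".join(lines[1:-1]).strip() + "\n"   # drop echoed command and prompt
```

With Paramiko, `chan` can be the channel returned by `SSHClient.invoke_shell()` on a connection made with host key checking enabled.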