[rancid] Rancid + Fortinet

Andy andy at benthamroad.co.uk
Thu Dec 9 13:36:23 UTC 2010


Hi,
I had the same problem; you need to make sure console paging is disabled.
The script version I have attached is v1.1.1.1 and this will disable paging
and then enable it again when the script has finished.
I have added a couple of lines to enter the global configuration mode for
use with vdoms and this seems to work OK, but I am still testing.

I have attached the script I am using; I have tested it on FortiOS 3.0 and
4.0. You must use an admin user account on the Fortigate to change the pager
settings.

Andy


-----Original Message-----
From: Iñaki Martínez Díez [mailto:imd at acens.com] 
Sent: 09 December 2010 11:47
To: Andy
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Rancid + Fortinet

Hi,

  I have some script for Fortigate with several patches applied and some
fixes, but it really is not working correctly.

  The script connects correctly and gets some config, but not all of it (I think
some paging <--more--> is omitting some lines). Each time I run rancid-run
fortigate I get a different config (without modification on the Fortigate, of
course).

  I have tried this script with this version of Fortigate:
Fortigate-1000AFA2 3.00,build0416,070821.

  Does anyone have a good script that works with Fortigates?


  I have attached my scripts (remember that they do not work correctly for me)

  Thank you.




On 08/12/10 12:02, Andy wrote:
> You are correct, the script I use is fnlogin which is from a patch 
> (provided by Diego Ercolani) which modifies the original nlogin;
>
> The line is remarked;
>
> # FortiOS 2.x prompts can end in either '#' or '$'
>      set prompt "\[#\\$]"
>
>
> Andy
>________________________________________
Iñaki Martínez Díez
Network Department
acens Technologies S.L.
imd at acens.com
Telephone: 637 772 156

Fax: 911 418 501

> -----Original Message-----
> From: Chris Kilian [mailto:chris.kilian at seccomglobal.com]
> Sent: 07 December 2010 22:17
> To: Andy; 'Mozzi'; rancid-discuss at shrubbery.net
> Subject: RE: [rancid] Rancid + Fortinet
>
> Guys
>
> I was under the belief that fnlogin was used for Fortigate, is this 
> correct? Also, I can't find that line you talk about, Andy; can you 
> provide any more detail?
>
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Andy
> Sent: Tuesday, 7 December 2010 11:19 PM
> To: 'Mozzi'; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Rancid + Fortinet
>
> Hi,
> Is the prompt set to expect "#" in your nlogin script?
>
> Line 458 in nlogin should be;
> set prompt "\[#\\$] $"
>
> That works for me.
>
> Andy
>
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Mozzi
> Sent: 07 December 2010 09:15
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Rancid + Fortinet
>
> Allo all
>
> I have an issue with rancid backing up fortigate devices.
> Everything seems correct, but when checking if nlogin works, it auto 
> logs in, but I get this:
>
> rancid at thunderaxe:/backups/Networking/bin>  ./nlogin -t 90 -c"get 
> system status;get conf" 192.168.0.51
> 192.168.0.51
> spawn ssh -c 3des -x -l mozz 192.168.0.51 mozzi at 192.168.0.51's password:
> ONEFIRE # get system status
>
> Error: TIMEOUT reached
> rancid at thunderaxe:/backups/Networking/bin>  get system status If 'get' 
> is not a typo you can use command-not-found to lookup the package that 
> contains it, like this:
>      cnf get
> rancid at thunderaxe:/backups/Networking/bin>
>
>
> Now I just don't understand!!
>
> Mozzi
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fnlogin
Type: application/octet-stream
Size: 15490 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20101209/3d16de8b/attachment.obj>
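
The fix discussed in this thread (turn the console pager off before collecting, turn it back on afterwards, and wrap the session in the global context on VDOM units) can be paired with a check that a stored capture was not paged or truncated. The following is an added example, not the attached fnlogin script or any RANCID code; the function names and sample captures are constructed, it assumes the FortiOS commands `config system console` / `set output standard|more` and `config global`, it assumes the pager was set to `more` beforehand, and the block-balance check is a heuristic.

```python
import re

# Pager prompt left behind in a capture, e.g. "--More--" (any case).
PAGER = re.compile(r"--\s*more\s*--", re.IGNORECASE)

def session_plan(commands, vdom_enabled=False):
    """CLI lines for one collection run: pager off, commands, pager back on."""
    def pager(mode):  # 'standard' = no paging, 'more' = paging
        return ["config system console", f"set output {mode}", "end"]
    plan = pager("standard") + list(commands) + pager("more")
    # Assumption: on VDOM-enabled units the whole run stays in the global context.
    return ["config global", *plan, "end"] if vdom_enabled else plan

def check_capture(text):
    """Return problems suggesting the capture was paged or lost lines."""
    problems, stack = [], []  # stack holds open 'config' / 'edit' blocks
    for n, line in enumerate(text.splitlines(), 1):
        if PAGER.search(line):
            problems.append(f"line {n}: pager prompt in output")
        word = line.split(None, 1)[0] if line.strip() else ""
        if word in ("config", "edit"):
            stack.append((word, n))
        elif word in ("end", "next"):
            want = "config" if word == "end" else "edit"
            if stack and stack[-1][0] == want:
                stack.pop()
            else:
                problems.append(f"line {n}: '{word}' without matching '{want}'")
    problems += [f"line {n}: '{w}' never closed" for w, n in stack]
    return problems

# Constructed sample captures (not taken from a real device).
GOOD = """config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
    next
end
"""
PAGED = """config system interface
    edit "port1"
--More--         set ip 192.0.2.1 255.255.255.0
end
"""

if __name__ == "__main__":
    print("\n".join(session_plan(["get system status", "show"], vdom_enabled=True)))
    print(check_capture(GOOD), check_capture(PAGED), sep="\n")
```

Running the check on each collected file before it is committed keeps a paged capture from showing up as a configuration change in the diff.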

