[rancid] Fortigate problem

heasley heas at shrubbery.net
Mon May 20 17:43:23 UTC 2013


Mon, May 20, 2013 at 04:43:58PM +0000, Skoog, Robert:
> The command before it gives this output:
> 
> Somefortinethost # get system status
> Version: FortiWiFi-80CM v4.0,build0637,120817 (MR3 Patch 9)
> Virus-DB: 17.00657(2013-05-19 11:39)
> Extended DB: 14.00000(2011-08-24 17:09)
> IPS-DB: 4.00343(2013-05-16 00:16)
> FortiClient application signature package: 4.343(2013-05-20 01:43)
> Serial-Number: FW80CM111111111111
> BIOS version: 04000004
> Log hard disk: Not available
> Internal Switch mode: switch
> Hostname: SomeHostName
> Operation Mode: NAT
> Current virtual domain: root
> Max number of virtual domains: 10
> Virtual domains status: 2 in NAT mode, 0 in TP mode
> Virtual domain configuration: enable
> FIPS-CC mode: disable
> Current HA mode: standalone
> Wifi Chipset: Ralink RT2860
> WiFi firmware version: 2.1.3.0
> Distribution: International
> Branch point: 637
> Release Version Information: MR3 Patch 9
> System time: Mon May 20 12:36:30 2013
> 
> SomeHostname #
> 
> That Regex matches for this line:
> Virtual domain configuration: enable
> 
> I tried some longer regexes, but had problems with the output being chunked or something.  If vdoms are enabled, the "config global" command is sent; if they aren't, it just picks up at the next prompt.  While the command currently used by fnrancid works fine without the patch, we noticed issues when we tried to also the configuration of a device using a list of commands if the config global was sent by rancid and the device didn't use vdoms.

Your match is just as likely to be missed.  what happens is that the data
does not necessarily arrive all at once or even be read from the socket all
at once.  you can't rely on having a complete line unless you force the
behavior by using line mode if the device supports it or 
	expect {
		something
		else
		the other
		-re "^\[^\n\r]*\[\r\n]"	{ # stuff we dont care about
					  exp_continue
					}
	}

anyway, I expect that removing that stuff from fnlogin and handling the
paging without making config changes would be a better path.

> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net] 
> Sent: Monday, May 20, 2013 12:06 PM
> To: Skoog, Robert
> Cc: heasley; Charles van der Spuy; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Fortigate problem
> 
> Mon, May 20, 2013 at 03:41:13PM +0000, Skoog, Robert:
> > Actually you put up a patch to the mailing list previously which resolves this issue:
> > 
> > http://www.gossamer-threads.com/lists/rancid/users/6488
> 
> thanks; that had been committed.  I missed the difference when I looked at 2.3.8.
> 
> > I can't seem to find the post on the shrubbery archives though.  I know the patch resolved my issues when using SSH to connect to fortinets.  I also put up a patch a while ago dealing with devices with and without vdoms.  Devices without vdoms seem not to like having configuration commands sent after the config global command is sent.
> > 
> > http://www.shrubbery.net/pipermail/rancid-discuss/2013-March/006715.html
> 
> what effect does that have when vdoms are not in use?
> 
> what is being matched here:
> +        expect {
> +               -re "tion: ena" { expect -re $prompt; send "config global\r"}
> +               -re "tion: dis" {}
> +              }
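Review bot: The patterns "tion: ena" and "tion: dis" in this expect block are unanchored fragments, so they match any output that happens to contain those characters rather than only the "Virtual domain configuration:" field, and the block has no branch for the case where neither appears. Consider matching the whole field, for example -re "Virtual domain configuration: (enable|disable)", and adding a prompt or timeout branch so that a device which prints no such line does not sit in this expect until the default timeout expires.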
> 
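The line-at-a-time approach suggested in the reply above, as an added Expect example that is not part of the original message or of rancid. The spawned shell, the sample output, the variable name vdoms and the prompt pattern are all constructed assumptions; the point shown is that the vdom decision is made only once a complete line is in the buffer, even when that line arrives in two reads.

```tcl
#!/usr/bin/expect -f
# Added example, not rancid code. The spawned shell stands in for the device:
# it prints constructed "get system status" output in two writes, split in the
# middle of the "Virtual domain configuration" line, with a pause in between.
set timeout 5
log_user 0
spawn sh -c {
    printf 'Hostname: SomeHostName\nVirtual domain config'
    sleep 1
    printf 'uration: enable\nFIPS-CC mode: disable\n\nSomeHostName # '
    sleep 2
}

set vdoms "unknown"   ;# hypothetical variable name
expect {
    -re "^Virtual domain configuration: (enable|disable)\[\r\n]+" {
        # The whole line is buffered, so field name and value are both checked.
        set vdoms $expect_out(1,string)
        exp_continue
    }
    -re "^\[^\r\n]*\[\r\n]+" {
        # Any other complete line: discard it and keep reading.
        exp_continue
    }
    -re "^\[^\r\n]* # $" {
        # Assumed prompt shape, hostname then space-hash-space: output is done.
    }
    timeout { puts stderr "timed out before the prompt"; exit 1 }
    eof     { puts stderr "connection closed before the prompt"; exit 1 }
}
puts "vdoms: $vdoms"
```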

