  1. Member
    Join Date
    Jul 2005
    Posts
    50

    Certifications
    MCP: 70-270, CCNA, working on CCNP
    #1

    Backing-up PIX config to TFTP

    My first post to the world of Security gurus.

    Guys, I have this PIX 535 sec appliance and don't know how to back up its configuration to the TFTP. The version of the firewall is 6.3(4). I'm using Solarwinds as my TFTP application.

    TFTP is already prepared.

    Here is the command I used in PIX.

    pix535FW(config)#tftp-server 10.1.1.1 /tftp/cisco/fw_config

    To start copying to TFTP I type this:

    pix535FW(config)#write net :

    The error is:

    Building configuration...
    TFTP write '/tftp/cisco/fw_config' at 10.1.1.1 on interface 1
    TFTP error: File Open Error 3
    [FAILED]


    I'm not good with PIX; I'm new to it and I'm starting to learn its features. I need to back up the configuration before purging any policies in the near future. I also heard that my company is planning to migrate to a Fortinet box. Is there a program that can translate PIX commands to Fortinet commands?

    Thanks.
  3. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #2
    I don't see Fortinet listed as supported right now, but you might drop these guys an email asking if it will soon. I am not sure if this tool will do what you want, but it's worth a look-see.
    http://www.kiwisyslog.com/cattools-info.php

  4. Member
    Join Date
    Jul 2005
    Posts
    50

    Certifications
    MCP: 70-270, CCNA, working on CCNP
    #3
    Hi sprkymrk,

    Thanks for the post, this tool is nice. I emailed their tech support to see if they can help me.

    I have two PIX 535s and they contain a lot of policies, maybe 20-25 pages, and this next quarter we're planning to migrate to Fortigate 1000. If I configure these policies line by line in Fortigate, it will consume time. I worry about downtime because I'm in a mission-critical environment.

    If you have any suggestions...

  5. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #4
    I ran into the same type of situation almost 3 years ago when I started my current job here. There was an existing (but unstable and poorly configured) Symantec Enterprise Firewall in place with no documentation that had been touched at times by 3-4 different admins who knew little about firewalls. We decided to migrate to an SGS 5440 appliance, but there was no way to import existing rules/config. I spent about 6 weeks combing over the existing firewall with a fine tooth comb making notes as I went and dumping half the config as it was wide open and conflicting rules existed. After that I configured the new firewall offline as much as possible, (about 2 weeks of configuring and testing) then brought it online on a weekend to test live. I had to repeat this process a couple of weekends in a row before bringing it online during production hours. Fortunately the planning paid off and there was no disruption to any critical operations.

  6. Member
    Join Date
    Jul 2005
    Posts
    50

    Certifications
    MCP: 70-270, CCNA, working on CCNP
    #5
    Wow, amazing... that was a real challenge. 6 weeks of combing is great.

    Maybe this is also my time to comb with a fine tooth comb of notes. I think I need to start familiarizing myself with the rules and policies now. This is a no-joke project. We are on a 24x7 operation and my boss wants me to do the trick in just a day. Amazing...

  7. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #6
    Wow, good luck!

  8. Member
    Join Date
    Jul 2005
    Posts
    50

    Certifications
    MCP: 70-270, CCNA, working on CCNP
    #7
    Thanks bro.

  9. Senior Member
    Join Date
    Oct 2003
    Posts
    485

    Certifications
    Yes
    #8

    Re: Backing-up PIX config to TFTP

    Quote Originally Posted by GodHand
    Here is the command i used in pix.

    pix535FW(config)#tftp-server 10.1.1.1 /tftp/cisco/fw_config
    Open up your Solarwinds TFTP server:

    Click on "File", then "Configure" and select the directory you want your files placed in under the "TFTP Root Directory" tab. Click OK.

    Leave the TFTP server up.

    Go to your pix and type in "tftp-server <IP address where your TFTP server software resides> /(specify name you want to use for file)"

    Then type in "write net <IP address where your TFTP server software resides>:"

    It should look something like this:

    firewall(config)# tftp-server 10.0.1.251 /pix
    firewall(config)# write net 10.0.1.251:
    Building configuration...
    TFTP write '/pix' at 10.0.1.251 on interface 1
    [OK]
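Added example (not part of the posts above and not Cisco or SolarWinds code): a pre-flight check, run on the TFTP host, of where the path given to `tftp-server` lands under the "TFTP Root Directory". It assumes the server resolves the requested name relative to its root and does not create missing sub-directories, which would explain a nested path such as `/tftp/cisco/fw_config` failing while `/pix` succeeds; `check_tftp_target` and `demo` are hypothetical names.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath


def check_tftp_target(root, requested):
    """Return (ok, reason) for a TFTP write of `requested` under `root`.

    Assumption: the server maps the client-supplied path onto its root
    directory and refuses the write if the parent directory is missing.
    """
    root = Path(root).resolve()
    # The PIX sends the path from `tftp-server <ip> <path>`; the leading
    # slash is relative to the TFTP root, not to the host's filesystem root.
    rel = PurePosixPath(requested.lstrip("/"))
    if not rel.parts or ".." in rel.parts:
        return False, "empty name or '..' component: rejected"
    target = root.joinpath(*rel.parts)
    parent = target.parent
    if not parent.is_dir():
        return False, f"missing directory under root: {parent.relative_to(root)}"
    if target.is_dir():
        return False, "name refers to an existing directory, not a file"
    if not os.access(parent, os.W_OK):
        return False, "directory exists but is not writable by this user"
    return True, f"would write {target.relative_to(root)}"


def demo():
    """Run the thread's two paths against a constructed, empty TFTP root."""
    with tempfile.TemporaryDirectory() as root:
        before = check_tftp_target(root, "/tftp/cisco/fw_config")  # first post
        flat = check_tftp_target(root, "/pix")                     # post #8
        # Creating the sub-directories under the root makes the nested path usable.
        (Path(root) / "tftp" / "cisco").mkdir(parents=True)
        after = check_tftp_target(root, "/tftp/cisco/fw_config")
    return before, flat, after


if __name__ == "__main__":
    for ok, reason in demo():
        print("OK  " if ok else "FAIL", reason)
```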

  10. Member
    Join Date
    Jul 2005
    Posts
    50

    Certifications
    MCP: 70-270, CCNA, working on CCNP
    #9
    You made it work, buddy. Thanks a lot. Now I have no worries purging and editing PIX policies.

    Have you tried to restore a saved config from TFTP back to the PIX? Just in case I encounter a serious problem, my only option is to restore the previous config. How long will it take to make it operational again? Is there an additional command that I need to execute after copying from TFTP?

    Thanks forbesl... saves my night

  11. Member
    Join Date
    Jul 2005
    Posts
    50

    Certifications
    MCP: 70-270, CCNA, working on CCNP
    #10
    Hi guys.

    Has anyone tried to restore a PIX config from a TFTP server?
    How long is the downtime?
    Do I need to type other commands after copying from TFTP?

    I'm on a live network, that's why I can't test.

    Thanks...

  12. Senior Member netteaser's Avatar
    Join Date
    Aug 2005
    Location
    San Antonio,TX
    Posts
    199

    Certifications
    CCNP, CCNA:Security
    #11

    Backup config

    Instead of using third-party TFTP software, I back up my PIXes and ASA devices by connecting directly to the device through a web browser, and it works exactly the same way as getting it from a TFTP server.