cancel
Showing results for 
Search instead for 
Did you mean: 

telnet or ssh access to SA 2500 for Rancid configuration backup

Highlighted
Not applicable

telnet or ssh access to SA 2500 for Rancid configuration backup

I just took over the responsibility of a few Juniper devices.

I have made a Rancid installation to retrieve the configs of all network equipment and have the configuration of all other network vendors equipment (Cisco, Dell, Nortel) and the Juniper SSG but can't figure out how to get a telnet or ssh prompt on the SA 2500 and haven't been able to google anyone else doing it.

Can anyone tell me if it is possible to retrieve the configuration via telnet and/or ssh?

If anyone have experience with the SA 2500 and Rancid, then please also give a sound.

9 REPLIES 9
Highlighted
Regular Contributor

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

There is no telnet or SSH access on the SSL VPN.

However, You can do config. archiving to a FTP or SCP server:

(Maintenance --> Archiving --> Archiving Server)

Highlighted
Occasional Contributor

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

ya no luck on rancid to grab the config thou I use the archive function to export the XML config that way I can see what changes where made to the config files (as the full config exports are not readable). ya know now that I think about it there may be a way if you configure the archive scp function on the SA to send the logs to a folder on the rancid server you can then ingest the config into rancid... let me try it out and get back to everyone.

Highlighted
Occasional Contributor

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

ok did some digging it looks like you can use wrancid to get the xml config in but it is going to require some scripting.

what you will need to do:

1. setup the SA archive function to scp the xml config to the rancid server

2. write a wrancid plugin to process the xml file into rancid and the cvs

3. bash script to rename / delete the file from the upload directory after

the only hard part would be the wrancid plugin. I am going to give this a shot next week as we also run rancid for the rest of our network devices and it would be nice to get the SA in also and have the config diff'ed and sent out also

Highlighted
Regular Contributor

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

If the archiving is for backup of config then I would recommend binary config rather than the XML config. There are two binary config files and they can be archived using the below options:

Archive user accounts
Archive system configuration

Highlighted
Occasional Contributor

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

I'm not sure about the SA 2500, but with MAGs running IVE 7.1 you can retrieve the entire configuration with netconf.

Perhaps a wrapper around that?

Highlighted
Occasional Contributor

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

Netconf will give it to you in xml format, basically SSH channel is all you need, then a simple input in a netconf query

Highlighted
Respected Contributor

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

Telnet/ssh is not allowed into the SA/MAG systems. If you need the config automatically, archive the XML file.
It is theoretically possible to do this via DMI using a NETCONF utility. There is a guide on the support site discussing DMI (supported access is using NSM)
Highlighted
New Contributor

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

Were you able to write such rancid plugin?

If yes, are you willing to share it?

Highlighted
New Member

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

Just picking up on this old thread as I have recently been experimenting with getting Pulse configuration archives into Oxidized (RANCID) replacement.

 

What I did was use the SCP function in PSA to oxidized and then wrote a script to convert the xml into readable config (json dump) etc. The output of this is saved into oxidized configuration storage area. Only challenge left now is to show the PSA hosts and the configs on the oxidized dashboard.

 

Would be useful though if future versions of Pulse firmware allowed netconf, would make the task a lot easier! Thanks