I just took over the responsibility of a few Juniper devices.
I have made a Rancid installation to retrieve the configs of all network equipment, and have the configuration of all other network vendors' equipment (Cisco, Dell, Nortel) and the Juniper SSG, but can't figure out how to get a telnet or ssh prompt on the SA 2500 and haven't been able to google anyone else doing it.
Can anyone tell me if it is possible to retrieve the configuration via telnet and/or ssh?
If anyone has experience with the SA 2500 and Rancid, then please also give a sound.
There is no telnet or SSH access on the SSL VPN.
However, you can do config archiving to an FTP or SCP server:
(Maintenance --> Archiving --> Archiving Server)
Ya, no luck on rancid to grab the config, though I use the archive function to export the XML config; that way I can see what changes were made to the config files (as the full config exports are not readable). Ya know, now that I think about it, there may be a way: if you configure the archive scp function on the SA to send the logs to a folder on the rancid server, you can then ingest the config into rancid... let me try it out and get back to everyone.
OK, did some digging. It looks like you can use wrancid to get the xml config in, but it is going to require some scripting.
What you will need to do:
1. Set up the SA archive function to scp the xml config to the rancid server
2. Write a wrancid plugin to process the xml file into rancid and the cvs
3. Bash script to rename / delete the file from the upload directory after
The only hard part would be the wrancid plugin. I am going to give this a shot next week, as we also run rancid for the rest of our network devices and it would be nice to get the SA in also and have the config diff'ed and sent out also.
If the archiving is for backup of config then I would recommend binary config rather than the XML config. There are two binary config files and they can be archived using the below options:
Archive user accounts
Archive system configuration
I'm not sure about the SA 2500, but with MAGs running IVE 7.1 you can retrieve the entire configuration with netconf.
Perhaps a wrapper around that?
Netconf will give it to you in XML format; basically an SSH channel is all you need, then a simple input in a netconf query.
Were you able to write such a rancid plugin?
If yes, are you willing to share it?
Just picking up on this old thread, as I have recently been experimenting with getting Pulse configuration archives into Oxidized (a RANCID replacement).
What I did was use the SCP function in PSA to send to oxidized, and then wrote a script to convert the xml into readable config (json dump) etc. The output of this is saved into the oxidized configuration storage area. The only challenge left now is to show the PSA hosts and the configs on the oxidized dashboard.
Would be useful though if future versions of Pulse firmware allowed netconf, would make the task a lot easier! Thanks
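The conversion step discussed in this thread (XML archive received over SCP, turned into text that RANCID or Oxidized can diff) could look like the following. This is an added example, not code from any poster or from either project. The XML element names, the sensitive-tag hints and the HMAC key are constructed assumptions, not the real SA/Pulse export schema.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample: element names are illustrative, NOT the real SA/Pulse schema.
SAMPLE_XML = """<configuration>
  <system>
    <network><hostname>vpn-gw-1</hostname><dns>192.0.2.53</dns></network>
    <admin><name>backup</name><password-encrypted>3u+UR6n8AgABAAAA</password-encrypted></admin>
  </system>
  <users>
    <realm><name>Staff</name></realm>
    <realm><name>Contractors</name></realm>
  </users>
</configuration>"""

SENSITIVE_HINTS = ("password", "secret", "private-key")  # assumed tag-name hints

def local(tag):
    """Strip an XML namespace prefix such as '{urn:example}name'."""
    return tag.rsplit("}", 1)[-1]

def flatten(elem, path, key):
    """Yield one 'path = value' line per attribute and leaf element, in document order."""
    for attr, val in sorted(elem.attrib.items()):
        yield f"{path}/@{local(attr)} = {val}"
    children = list(elem)
    if not children:
        text = (elem.text or "").strip()
        if any(h in local(elem.tag).lower() for h in SENSITIVE_HINTS):
            # Keyed digest: a changed secret still shows in the diff, the value is not stored.
            tag = hmac.new(key, text.encode(), hashlib.sha256).hexdigest()[:12]
            text = f"<redacted hmac:{tag}>"
        yield f"{path} = {text}"
        return
    counts = {}
    for child in children:
        name = local(child.tag)
        counts[name] = counts.get(name, 0) + 1  # index repeated siblings: realm[1], realm[2]
        yield from flatten(child, f"{path}/{name}[{counts[name]}]", key)

def render(xml_text, key):
    """Turn an archived XML export into stable, line-oriented text for version control."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not expected in a config export; refusing to parse")
    root = ET.fromstring(xml_text)
    return list(flatten(root, "/" + local(root.tag), key))

if __name__ == "__main__":
    print("\n".join(render(SAMPLE_XML, key=b"constructed-demo-key")))
```

Keep the HMAC key outside the repository that stores the rendered configs, so the digests cannot be used to test guessed secrets offline.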