Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

telnet or ssh access to SA 2500 for Rancid configuration backup

sorenhansen_
Not applicable
‎01-07-2010 12:58:PM
‎01-07-2010 12:58:PM

telnet or ssh access to SA 2500 for Rancid configuration backup

I just took over the responsibility of a few Juniper devices.

I have made a Rancid installation to retrieve the configs of all network equipment and have the configuration of all other network vendors equipment (Cisco, Dell, Nortel) and the Juniper SSG but can't figure out how to get a telnet or ssh prompt on the SA 2500 and haven't been able to google anyone else doing it.

Can anyone tell me if it is possible to retrieve the configuration via telnet and/or ssh?

If anyone have experience with the SA 2500 and Rancid, then please also give a sound.

0 Kudos
13 REPLIES 13
cbarcellos_
Regular Contributor
‎01-07-2010 03:31:PM
‎01-07-2010 03:31:PM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

There is no telnet or SSH access on the SSL VPN.

However, You can do config. archiving to a FTP or SCP server:

(Maintenance --> Archiving --> Archiving Server)

0 Kudos
dcamara_
Occasional Contributor
‎01-09-2010 05:35:PM
‎01-09-2010 05:35:PM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

ya no luck on rancid to grab the config thou I use the archive function to export the XML config that way I can see what changes where made to the config files (as the full config exports are not readable). ya know now that I think about it there may be a way if you configure the archive scp function on the SA to send the logs to a folder on the rancid server you can then ingest the config into rancid... let me try it out and get back to everyone.

0 Kudos
dcamara_
Occasional Contributor
‎01-09-2010 06:11:PM
‎01-09-2010 06:11:PM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

ok did some digging it looks like you can use wrancid to get the xml config in but it is going to require some scripting.

what you will need to do:

1. setup the SA archive function to scp the xml config to the rancid server

2. write a wrancid plugin to process the xml file into rancid and the cvs

3. bash script to rename / delete the file from the upload directory after

the only hard part would be the wrancid plugin. I am going to give this a shot next week as we also run rancid for the rest of our network devices and it would be nice to get the SA in also and have the config diff'ed and sent out also

0 Kudos
ruc_
Regular Contributor
‎01-10-2010 02:56:PM
‎01-10-2010 02:56:PM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

If the archiving is for backup of config then I would recommend binary config rather than the XML config. There are two binary config files and they can be archived using the below options:

Archive user accounts
Archive system configuration

0 Kudos
jpayne_
Occasional Contributor
‎05-29-2012 07:09:AM
‎05-29-2012 07:09:AM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

I'm not sure about the SA 2500, but with MAGs running IVE 7.1 you can retrieve the entire configuration with netconf.

Perhaps a wrapper around that?

0 Kudos
ed_gpc_
Occasional Contributor
‎06-01-2012 09:58:AM
‎06-01-2012 09:58:AM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

Netconf will give it to you in xml format, basically SSH channel is all you need, then a simple input in a netconf query

0 Kudos
zanyterp_
Respected Contributor
‎06-01-2012 04:45:PM
‎06-01-2012 04:45:PM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

Telnet/ssh is not allowed into the SA/MAG systems. If you need the config automatically, archive the XML file.
It is theoretically possible to do this via DMI using a NETCONF utility. There is a guide on the support site discussing DMI (supported access is using NSM)
0 Kudos
ybenari_
New Contributor
‎02-23-2014 08:22:AM
‎02-23-2014 08:22:AM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

Were you able to write such rancid plugin?

If yes, are you willing to share it?

0 Kudos
timyam
New Member
‎07-14-2020 08:43:AM
‎07-14-2020 08:43:AM

Re: telnet or ssh access to SA 2500 for Rancid configuration backup

Just picking up on this old thread as I have recently been experimenting with getting Pulse configuration archives into Oxidized (RANCID) replacement.

 

What I did was use the SCP function in PSA to oxidized and then wrote a script to convert the xml into readable config (json dump) etc. The output of this is saved into oxidized configuration storage area. Only challenge left now is to show the PSA hosts and the configs on the oxidized dashboard.

 

Would be useful though if future versions of Pulse firmware allowed netconf, would make the task a lot easier! Thanks

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.