Mailing List Archive

Fortigate VDOMs
Hi Rancid Community,

I am backing up Fortigate devices with the new Debian Rancid ver. 3.9.1,
however 1 FGT Device has no VDOMs and 2 more does not have VDOMs

router.db one has to specify fortigate or fortigate-full depending on your
needs thus when configuring fortigate-full no VDOM config is pulled,
however when running show full-configuration is run on the affected units
running VDOMs one can see the VDOM config with IPSECs and all,

help would be apprenticed greatly

extract /etc/rancid/rancid.types.base
# Fortinet Fortigate firewall
# Normal or FULL configuration
fortigate;script;rancid -t fortigate
fortigate;login;fnlogin
fortigate;timeout;90
fortigate;module;fortigate
fortigate;inloop;fortigate::inloop
fortigate;command;fortigate::GetSystem;get system status
fortigate;command;fortigate::GetConf;show
#
fortigate-full;script;rancid -t fortigate
fortigate-full;login;fnlogin
fortigate-full;timeout;90
fortigate-full;module;fortigate
fortigate-full;inloop;fortigate::inloop
fortigate-full;command;fortigate::GetSystem;get system status
fortigate-full;command;fortigate::GetConf;show full-configuration

Regards

Juan
Re: Fortigate VDOMs [ In reply to ]
what version of fortios was this tested on, since on my 5.6.8 both fortigate & fortigate-full pull vdom configs.

// nick



From: Rancid-discuss [mailto:rancid-discuss-bounces@shrubbery.net] On Behalf Of Linux Threads
Sent: Friday, March 8, 2019 12:44
To: rancid-discuss@shrubbery.net
Subject: [rancid] Fortigate VDOMs

Hi Rancid Community,

I am backing up Fortigate devices with the new Debian Rancid ver. 3.9.1, however 1 FGT Device has no VDOMs and 2 more does not have VDOMs

router.db one has to specify fortigate or fortigate-full depending on your needs thus when configuring fortigate-full no VDOM config is pulled, however when running show full-configuration is run on the affected units running VDOMs one can see the VDOM config with IPSECs and all,

help would be apprenticed greatly

extract /etc/rancid/rancid.types.base
# Fortinet Fortigate firewall
# Normal or FULL configuration
fortigate;script;rancid -t fortigate
fortigate;login;fnlogin
fortigate;timeout;90
fortigate;module;fortigate
fortigate;inloop;fortigate::inloop
fortigate;command;fortigate::GetSystem;get system status
fortigate;command;fortigate::GetConf;show
#
fortigate-full;script;rancid -t fortigate
fortigate-full;login;fnlogin
fortigate-full;timeout;90
fortigate-full;module;fortigate
fortigate-full;inloop;fortigate::inloop
fortigate-full;command;fortigate::GetSystem;get system status
fortigate-full;command;fortigate::GetConf;show full-configuration

Regards

Juan



________________________________

Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products> | Instagram<https://www.instagram.com/aquafin_nv/>

In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.

P Denk aan het milieu. Druk deze mail niet onnodig af.
Re: Fortigate VDOMs [ In reply to ]
Hi

it is still on ver 5.2.7 however the Service provider managed, should that
be the problem?

Regards

Juan

On Fri, 8 Mar 2019 at 14:32, Nick Nauwelaerts <nick.nauwelaerts@aquafin.be>
wrote:

> what version of fortios was this tested on, since on my 5.6.8 both
> fortigate & fortigate-full pull vdom configs.
>
>
>
> // nick
>
>
>
>
>
>
>
> *From:* Rancid-discuss [mailto:rancid-discuss-bounces@shrubbery.net] *On
> Behalf Of *Linux Threads
> *Sent:* Friday, March 8, 2019 12:44
> *To:* rancid-discuss@shrubbery.net
> *Subject:* [rancid] Fortigate VDOMs
>
>
>
> Hi Rancid Community,
>
>
>
> I am backing up Fortigate devices with the new Debian Rancid ver. 3.9.1,
> however 1 FGT Device has no VDOMs and 2 more does not have VDOMs
>
>
>
> router.db one has to specify fortigate or fortigate-full depending on your
> needs thus when configuring fortigate-full no VDOM config is pulled,
> however when running show full-configuration is run on the affected units
> running VDOMs one can see the VDOM config with IPSECs and all,
>
>
>
> help would be apprenticed greatly
>
>
>
> extract /etc/rancid/rancid.types.base
>
> # Fortinet Fortigate firewall
> # Normal or FULL configuration
> fortigate;script;rancid -t fortigate
> fortigate;login;fnlogin
> fortigate;timeout;90
> fortigate;module;fortigate
> fortigate;inloop;fortigate::inloop
> fortigate;command;fortigate::GetSystem;get system status
> fortigate;command;fortigate::GetConf;show
> #
> fortigate-full;script;rancid -t fortigate
> fortigate-full;login;fnlogin
> fortigate-full;timeout;90
> fortigate-full;module;fortigate
> fortigate-full;inloop;fortigate::inloop
> fortigate-full;command;fortigate::GetSystem;get system status
> fortigate-full;command;fortigate::GetConf;show full-configuration
>
>
>
> Regards
>
>
>
> Juan
>
>
>
>
>
> ------------------------------
>
> *Volg Aquafin op Facebook <https://www.facebook.com/AquafinNV> | Twitter
> <https://twitter.com/aquafinnv> | YouTube
> <http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> |
> LinkedIN <http://www.linkedin.com/company/aquafin/products> | Instagram
> <https://www.instagram.com/aquafin_nv/> *
>
> In het kader van de uitoefening van onze taken verzamelen we bij Aquafin
> persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de
> betrokkenen zijn, kan je nalezen in onze privacy policy
> <https://www.aquafin.be/nl-be/privacy-policy>.
>
> P Denk aan het milieu. Druk deze mail niet onnodig af.
>
Re: Fortigate VDOMs [ In reply to ]
Check that the user account rancid is logging in as in .cloginrc has permissions to all VDOMs. You can test it yourself by logging to the firewall as that user and seeing what it sees.

Using the "show full" mode should not be necessary to see all VDOMs. It just shows the default settings, still at their default values, that would normally be hidden.

________________________________
From: Rancid-discuss <rancid-discuss-bounces@shrubbery.net> on behalf of Linux Threads <linuxthreads@gmail.com>
Sent: Friday, March 8, 2019 5:43 AM
To: rancid-discuss@shrubbery.net
Subject: [rancid] Fortigate VDOMs

Hi Rancid Community,

I am backing up Fortigate devices with the new Debian Rancid ver. 3.9.1, however 1 FGT Device has no VDOMs and 2 more does not have VDOMs

router.db one has to specify fortigate or fortigate-full depending on your needs thus when configuring fortigate-full no VDOM config is pulled, however when running show full-configuration is run on the affected units running VDOMs one can see the VDOM config with IPSECs and all,

help would be apprenticed greatly

extract /etc/rancid/rancid.types.base
# Fortinet Fortigate firewall
# Normal or FULL configuration
fortigate;script;rancid -t fortigate
fortigate;login;fnlogin
fortigate;timeout;90
fortigate;module;fortigate
fortigate;inloop;fortigate::inloop
fortigate;command;fortigate::GetSystem;get system status
fortigate;command;fortigate::GetConf;show
#
fortigate-full;script;rancid -t fortigate
fortigate-full;login;fnlogin
fortigate-full;timeout;90
fortigate-full;module;fortigate
fortigate-full;inloop;fortigate::inloop
fortigate-full;command;fortigate::GetSystem;get system status
fortigate-full;command;fortigate::GetConf;show full-configuration

Regards

Juan
Re: Fortigate VDOMs [ In reply to ]
HI,

Thank you for all your inputs seems like permissions on the FGT was the
problem I am able to pull full-config now,

Kind Regards

Juan

On Fri, 8 Mar 2019 at 18:17, Ni Ne <nineoften@hotmail.com> wrote:

> Check that the user account rancid is logging in as in .cloginrc has
> permissions to all VDOMs. You can test it yourself by logging to the
> firewall as that user and seeing what it sees.
>
> Using the "show full" mode should not be necessary to see all VDOMs. It
> just shows the default settings, still at their default values, that would
> normally be hidden.
>
> ------------------------------
> *From:* Rancid-discuss <rancid-discuss-bounces@shrubbery.net> on behalf
> of Linux Threads <linuxthreads@gmail.com>
> *Sent:* Friday, March 8, 2019 5:43 AM
> *To:* rancid-discuss@shrubbery.net
> *Subject:* [rancid] Fortigate VDOMs
>
> Hi Rancid Community,
>
> I am backing up Fortigate devices with the new Debian Rancid ver. 3.9.1,
> however 1 FGT Device has no VDOMs and 2 more does not have VDOMs
>
> router.db one has to specify fortigate or fortigate-full depending on your
> needs thus when configuring fortigate-full no VDOM config is pulled,
> however when running show full-configuration is run on the affected units
> running VDOMs one can see the VDOM config with IPSECs and all,
>
> help would be apprenticed greatly
>
> extract /etc/rancid/rancid.types.base
> # Fortinet Fortigate firewall
> # Normal or FULL configuration
> fortigate;script;rancid -t fortigate
> fortigate;login;fnlogin
> fortigate;timeout;90
> fortigate;module;fortigate
> fortigate;inloop;fortigate::inloop
> fortigate;command;fortigate::GetSystem;get system status
> fortigate;command;fortigate::GetConf;show
> #
> fortigate-full;script;rancid -t fortigate
> fortigate-full;login;fnlogin
> fortigate-full;timeout;90
> fortigate-full;module;fortigate
> fortigate-full;inloop;fortigate::inloop
> fortigate-full;command;fortigate::GetSystem;get system status
> fortigate-full;command;fortigate::GetConf;show full-configuration
>
> Regards
>
> Juan
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>
Re: Fortigate VDOMs [ In reply to ]
Hi Everyone

I have been a part of this rancid forum for years now and only doing my first post now.

BTW very nice email list to be a a part of.

I am busy inter grating rancid to backup Huawei devices.

Please can anyone shed some light as to where the best scripts are for these devices OLT”s and switches.

Your input would be greatly appreciated
Best Regards
Adrian le Roux

Sent from my iPhone

> On 09 Mar 2019, at 08:25, Linux Threads <linuxthreads@gmail.com> wrote:
>
> HI,
>
> Thank you for all your inputs seems like permissions on the FGT was the problem I am able to pull full-config now,
>
> Kind Regards
>
> Juan
>
>> On Fri, 8 Mar 2019 at 18:17, Ni Ne <nineoften@hotmail.com> wrote:
>> Check that the user account rancid is logging in as in .cloginrc has permissions to all VDOMs. You can test it yourself by logging to the firewall as that user and seeing what it sees.
>>
>> Using the "show full" mode should not be necessary to see all VDOMs. It just shows the default settings, still at their default values, that would normally be hidden.
>>
>> From: Rancid-discuss <rancid-discuss-bounces@shrubbery.net> on behalf of Linux Threads <linuxthreads@gmail.com>
>> Sent: Friday, March 8, 2019 5:43 AM
>> To: rancid-discuss@shrubbery.net
>> Subject: [rancid] Fortigate VDOMs
>>
>> Hi Rancid Community,
>>
>> I am backing up Fortigate devices with the new Debian Rancid ver. 3.9.1, however 1 FGT Device has no VDOMs and 2 more does not have VDOMs
>>
>> router.db one has to specify fortigate or fortigate-full depending on your needs thus when configuring fortigate-full no VDOM config is pulled, however when running show full-configuration is run on the affected units running VDOMs one can see the VDOM config with IPSECs and all,
>>
>> help would be apprenticed greatly
>>
>> extract /etc/rancid/rancid.types.base
>> # Fortinet Fortigate firewall
>> # Normal or FULL configuration
>> fortigate;script;rancid -t fortigate
>> fortigate;login;fnlogin
>> fortigate;timeout;90
>> fortigate;module;fortigate
>> fortigate;inloop;fortigate::inloop
>> fortigate;command;fortigate::GetSystem;get system status
>> fortigate;command;fortigate::GetConf;show
>> #
>> fortigate-full;script;rancid -t fortigate
>> fortigate-full;login;fnlogin
>> fortigate-full;timeout;90
>> fortigate-full;module;fortigate
>> fortigate-full;inloop;fortigate::inloop
>> fortigate-full;command;fortigate::GetSystem;get system status
>> fortigate-full;command;fortigate::GetConf;show full-configuration
>>
>> Regards
>>
>> Juan
>>
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss@shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: Fortigate VDOMs [ In reply to ]
Sat, Mar 09, 2019 at 08:29:01AM +0200, Adriaan Le Roux:
> I am busy inter grating rancid to backup Huawei devices.
>
> Please can anyone shed some light as to where the best scripts are for these devices OLT”s and switches.

There is support in rancid already for Hauwei VRP. afaict, when i was writing
the module, VRP is the name of the O/S on the S5720. maybe your devices also
runs VRP.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss