Iñaki Martínez Díez | 2 Feb 2011 15:33

Re: [rancid] rancid with Fortigate FG100A

Hi,

 I have problems getting configs from fortigates:

Version: Fortigate-5001FA2 3.00,build0670,080729

Version: Fortigate-1000AFA2 3.00,build0416,070821

 The problem is not getting complete config and the last lines are like
these:

--More--
--More--

 No errors in log.
 Rancid version 2.3.6, also tested with earlier versions.

 Any help ?

 Thank you in advance.

On 01/02/11 01:04, "Gavin McCullagh" <gmccullagh <at> gmail.com> wrote:

>Hi,
>
>On Mon, 31 Jan 2011, Diego Ercolani wrote:
>
>> I've already submitted patch to accomplish fortinet. Here it is the relevant
>> post:

Gavin McCullagh | 2 Feb 2011 16:18

Re: [rancid] rancid with Fortigate FG100A

Hi,

On Wed, 02 Feb 2011, Iñaki Martínez Díez wrote:

>  I have problems getting configs from fortigates:
> 
> Version: Fortigate-5001FA2 3.00,build0670,080729
> 
> Version: Fortigate-1000AFA2 3.00,build0416,070821
> 
>  The problem is not getting complete config and the last lines are like
> these:
> 
> --More--
> --More--

The console is in "more" (pager) mode.  You need to change it to standard
mode:

	gcd-fw # config system console 
	
	gcd-fw (console) # set output standard 
	
	gcd-fw (console) # end

	gcd-fw # show system console 
	config system console
	    set output standard
	end
	

john heasley | 2 Feb 2011 21:25

Re: [rancid] rancid with Fortigate FG100A

Wed, Feb 02, 2011 at 03:18:10PM +0000, Gavin McCullagh:
> Hi,
> 
> On Wed, 02 Feb 2011, Iñaki Martínez Díez wrote:
> 
> >  I have problems getting configs from fortigates:
> > 
> > Version: Fortigate-5001FA2 3.00,build0670,080729
> > 
> > Version: Fortigate-1000AFA2 3.00,build0416,070821
> > 
> >  The problem is not getting complete config and the last lines are like
> > these:
> > 
> > --More--
> > --More--
> 
> The console is in "more" (pager) mode.  You need to change it to standard
> mode:
> 
> 
> 	gcd-fw # config system console 
> 	
> 	gcd-fw (console) # set output standard 
> 	
> 	gcd-fw (console) # end
> 
> 	gcd-fw # show system console 
> 	config system console
> 	    set output standard

Gavin McCullagh | 2 Feb 2011 23:04

Re: [rancid] rancid with Fortigate FG100A

Hi John,

On Wed, 02 Feb 2011, john heasley wrote:

> > The console is in "more" (pager) mode.  You need to change it to standard
> > mode:
> > 
> > 	gcd-fw # config system console 
> > 	gcd-fw (console) # set output standard 
> > 	gcd-fw (console) # end

> assuming that the pager can not be disabled per-tty, which i presume is
> what the magic chant 'set output standard' does; teach fnlogin about the
> pager.  but, fnlogin already has a case for the pager.  So, why is that
> not working?

> I'll bet it's failing because there are control characters among the pager
> prompt.  set NOPIPE=YES and collect from the device with fnrancid -d hostname
> then look for the pager prompt in the hostname.raw file in your editor.  or
> look at the debug output of fnlogin -d hostname to see why the match is
> failing.

You make a compelling point.  My guess is the "(console)" in the prompt
too.

I came across the same problem and just disabled the pager manually myself,
I hadn't noticed that the expect script explicitly did this.  I'll try and
get time to test and see is the prompt the issue.

Gavin
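
The inspection suggested in the quoted advice above (find the pager prompt in the `.raw` capture and check for control characters around it), as an added example that is not part of the original thread or of RANCID. The sample bytes are constructed and the function names are hypothetical; pass the path of a raw capture as the first argument to inspect a real one.

```python
import re
import sys

PAGER = b"--More--"  # pager prompt text as it appears in this thread

# Constructed sample, modelled on the debug output quoted in this thread.
# The backspaces after the first prompt are an assumption for illustration.
SAMPLE = (
    b"        set authgrp none\r\n"
    b"--More--\x08\x08\x08\x08\x08\x08\x08\x08        set avgrp none\r\n"
    b"    next\r\n"
    b'--More--              edit "operator"\r\n'
    b"--More--"
)


def control_bytes(chunk):
    """Control characters in chunk, ignoring CR and LF."""
    return [b for b in chunk if (b < 0x20 and b not in (0x0A, 0x0D)) or b == 0x7F]


def report(raw, context=12):
    """One entry per pager prompt: offset and control bytes within `context` bytes."""
    rows = []
    for m in re.finditer(re.escape(PAGER), raw):
        around = raw[max(0, m.start() - context):m.start()] + raw[m.end():m.end() + context]
        rows.append({
            "offset": m.start(),
            "control": sorted({f"0x{b:02x}" for b in control_bytes(around)}),
        })
    return rows


def capture_truncated(raw):
    """True when the capture ends on a pager prompt, i.e. the session stalled there."""
    return raw.rstrip().endswith(PAGER)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for row in report(data):
        print(row)
    print("ends at pager prompt:", capture_truncated(data))
```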

Iñaki Martínez Díez | 4 Feb 2011 12:41

Re: [rancid] rancid with Fortigate FG100A

Hello,

 Debug mode done, I got this:

        set authgrp none
--More--                  set avgrp none
        set fwgrp none

 Last lines:

    next
--More--              edit "operator"
--More--

 NOTE: after "--" there are spaces not tab, checked with 2 editors.

 I think the problem is this line in fnlogin:

460         -gl "--More--"      { send " "

On 02/02/11 21:25, "john heasley" <heas <at> shrubbery.net> wrote:

>Wed, Feb 02, 2011 at 03:18:10PM +0000, Gavin McCullagh:
>> Hi,
>>
>> On Wed, 02 Feb 2011, Iñaki Martínez Díez wrote:
>>
>> >  I have problems getting configs from fortigates:
>> >
>> > Version: Fortigate-5001FA2 3.00,build0670,080729

john heasley | 5 Feb 2011 00:33

Re: [rancid] rancid with Fortigate FG100A

Fri, Feb 04, 2011 at 12:41:39PM +0100, Iñaki Martínez Díez:
> Hello,
> 
>  Debug mode done, I got this:
> 
>         set authgrp none
> --More--                  set avgrp none
>         set fwgrp none
> 
> 
> 
>  Last lines:
> 
>     next
> --More--              edit "operator"
> --More--
> 
> 
> 
>  NOTE: after "--" there are spaces not tab, checked with 2 editors.
> 
> 
>  I think the problem is this line in fnlogin:
> 
> 460         -gl "--More--"      { send " "

no, that's fine.

i think the device is stupid.  my guess is that telnet/ssh sent zero for
the rows tty attribute that the device's pager is confused.

Iñaki Martínez Díez | 10 Feb 2011 10:07

Re: [rancid] rancid with Fortigate FG100A

Hi,

>i think the device is stupid.  my guess is that telnet/ssh sent zero for
>the rows tty attribute that the device's pager is confused.

 Yes the device is "very" stupid and more with old versions.

>is this (from fnlogin) working on your device:
>    # Disable output paging.
>    send -- "config system console\r"
>    expect -re $prompt; send -- "set output standard\r"
>    expect -re $prompt; send -- "end\r"
>    expect -re $prompt;

 It is ignored, but I think it is the version or user permissions.

>does a hack like this have an effect:
>Index: bin/fnlogin.in
>===================================================================
>--- bin/fnlogin.in    (revision 2282)
>+++ bin/fnlogin.in    (working copy)
> <at>  <at>  -99,6 +99,8  <at>  <at> 
>     set password_file $env(CLOGINRC)
> }
>
>+stty rows 1024
>+
> # Sometimes firewall take awhile to answer (the default is 10 sec)
> set timeout 45
>
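
Review bot: the added `stty rows 1024` has no comment and no error handling, unlike the commented `set timeout 45` directly below it. A one-line comment should say that it is there so the device's pager does not see a rows value of zero, and the call is better wrapped in `catch` so that a failure of `stty` (for example when there is no terminal to set) does not stop the script before login. The value 1024 also deserves a word on why it was picked.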