[rancid] rancid with Fortigate FG100A

Iñaki Martínez Díez imd at acens.com
Wed Feb 2 14:33:43 UTC 2011


 I have problems getting configs from fortigates:

Version: Fortigate-5001FA2 3.00,build0670,080729

Version: Fortigate-1000AFA2 3.00,build0416,070821

 The problem is not getting complete config and the last lines are like


 No errors in log.
 Rancid version 2.3.6, also tested with earlier versions.

 Any help?

 Thank you in advance.

On 01/02/11 01:04, "Gavin McCullagh" <gmccullagh at gmail.com> wrote:

>On Mon, 31 Jan 2011, Diego Ercolani wrote:
>> I've already submitted patch to accomplish fortinet. Here it is the
>> post:
>> http://www.shrubbery.net/pipermail/rancid-discuss/2009-June/004005.html
>> if you see in the mailing list there are time to time modifications.
>I see, thanks very much.  I've upgraded to v2.3.6 (I was using the debian
>packages which are v2.3.2) and it seems to work.
>The only trouble I see so far is that we're getting repeated patches with
>lines like:
>    - !System time: Mon Jan 31 22:11:05 2011
>    + !System time: Mon Jan 31 23:11:09 2011
>    - #conf_file_ver=7138776372466847334
>    + #conf_file_ver=2985214935052655642
>So I'm experimenting with a patch:
>--- /usr/local/rancid/bin/fnrancid.orig    2011-01-31 23:59:10.000000000
>+++ /usr/local/rancid/bin/fnrancid    2011-01-31 23:59:54.000000000 +0000
>@@ -175,7 +175,7 @@
>     next if /^\s*$/;
>     last if (/$prompt/);
>-    next if (/^System Time:/);
>+    next if (/^System Time:/i);
>     next if (/^\s*Virus-DB: .*/);
>     next if (/^\s*Extended DB: .*/);
>     next if (/^\s*IPS-DB: .*/);
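Review bot: The changed `System Time:` match is still anchored at column 0, while the three DB filters directly below it use `^\s*`, so an indented status line would slip through and keep producing diffs. Consider `next if (/^\s*System Time:/i);`, and add a one-line comment saying why the match is case-insensitive (the repeated diffs quoted above show `System time:` with a lowercase "t"), since the `/i` is otherwise unexplained.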
>@@ -207,7 +207,7 @@
>     # System time is fortigate extraction time
>     next if (/^\s*!System time:/);
>     # remove occurrances of conf_file_ver
>-    next if (/^conf_file_ver=/);
>+    next if (/^#?conf_file_ver=/);
>     # filter variabilities between configurations.  password encryption
>     # upon each display of the configuration.
>     if (/^\s*(set [^\s]*)\s(Enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) {
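Review bot: The comment above the changed `conf_file_ver` line does not mention the leading `#`, which is the form shown in the repeated diffs quoted above (`#conf_file_ver=...`); update it so the optional `#` in the pattern is explained. The new pattern `/^#?conf_file_ver=/` also allows no leading whitespace, unlike the `^\s*!System time:` filter a few lines up, so `/^\s*#?conf_file_ver=/` would be more consistent with the neighbouring rules.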
>I'm also seeing the two RSA Private Keys changing regularly which is very
>odd.  I'm not sure if that tells me something's odd about the firewall
>rather than about Rancid, but I'm seeing this on two different FG100A
Iñaki Martínez Díez
Network Department
acens Technologies S.L.
imd at acens.com
Phone: 637 772 156

Fax: 911 418 501
This message may contain confidential information exclusively addressed to its intended recipient.
The copy or distribution of this message is not permitted without the prior express consent by acens.
If you are not the intended recipient of this message please advise the sender and delete it. Thank you.