Solved

Capturing Firewall System Health

Posted on 2009-05-20
4
245 Views
Last Modified: 2012-05-07
Hi Experts,

Recently we discovered that a Netscreen Firewall we have in our office that connects to another site was getting problems.  The connection breaks every once in a while, and we have to reboot the Netscreen to get it back working.

We contacted a support vendor and which they lent us another same model firewall for temporary replacment... all went smoothly for more than a week.  The vendor check ours and they found no problems in their lab.  So they returned it back to us.

Hoping to isolate and determine the cause of trouble, the supporting vendor sent us a few command to run on the firewall regularly to capture the FW's status.  I am trying to figure a way to run this with a notepad that connects as a console, and dump the command results for storage.  I think of using Putty to telnet through the serial port to do that... but not so certain as how to come up with the batch file that would call putty to connect.  Does anyone know if this is a good way to run script off the firewall to dump status?  or is there any better way of doing it?  

I am running something like:
> c:\putty.exe -telnet 10.0.0.1 -l username -m input.txt
where:
-telnet 10.0.0.1  specifies the protocol and IP
-l : the user account to use
-m : the input file that contains the feed-in commands

Thanks very much
-telnet : specifies it'll be a telnet
0
Comment
Question by:wingkchan
  • 2
4 Comments
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
Comment Utility
Telnet or SSH are the only ways to do regular jobs on NetScreen. With SSH and a certificate, you even could automate it in the way that you do not have to authenticate - fully automated batch file, that way.

What I use is netcat (in a slightly modifed variant). It allows for piping, so I can generate the commands needed dynamically, and evaluate outputs, all in one go.

Like
(echo MyLogin
 echo MyPwd
 get memory
) | nc -t 10.0.0.1 -i 1 | findstr "memory" > logfile.txt


0
 
LVL 32

Expert Comment

by:Kamran Arshad
Comment Utility
Hi,

Why don't you use SNMP for monitoring your Netscreen? Then using any NMS you can get the values.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
It depends on the set of commands used if you can monitor via SNMP. Many things are not exposed to SNMP, like VPN tunnel traffic. And in the memory area I guess it's similar.
0
 
LVL 2

Author Closing Comment

by:wingkchan
Comment Utility
Thanks for your suggestion.  However I didn't get to try out your way, because the supporting vendor recommend us to use a software care SecureCRT.  We downloaded the trialware and did some testing. This programs allows calling of vbscript, and schedule to run at defined interval... so every 10 minutes or so, we can run some "get" commands and output them to a file.  It'sworks fine.  Thanks for your input.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now