?
Solved

Capturing Firewall System Health

Posted on 2009-05-20
4
Medium Priority
?
252 Views
Last Modified: 2012-05-07
Hi Experts,

Recently we discovered that a Netscreen Firewall we have in our office that connects to another site was getting problems.  The connection breaks every once in a while, and we have to reboot the Netscreen to get it back working.

We contacted a support vendor and which they lent us another same model firewall for temporary replacment... all went smoothly for more than a week.  The vendor check ours and they found no problems in their lab.  So they returned it back to us.

Hoping to isolate and determine the cause of trouble, the supporting vendor sent us a few command to run on the firewall regularly to capture the FW's status.  I am trying to figure a way to run this with a notepad that connects as a console, and dump the command results for storage.  I think of using Putty to telnet through the serial port to do that... but not so certain as how to come up with the batch file that would call putty to connect.  Does anyone know if this is a good way to run script off the firewall to dump status?  or is there any better way of doing it?  

I am running something like:
> c:\putty.exe -telnet 10.0.0.1 -l username -m input.txt
where:
-telnet 10.0.0.1  specifies the protocol and IP
-l : the user account to use
-m : the input file that contains the feed-in commands

Thanks very much
-telnet : specifies it'll be a telnet
0
Comment
Question by:wingkchan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 70

Accepted Solution

by:
Qlemo earned 1500 total points
ID: 24430568
Telnet or SSH are the only ways to do regular jobs on NetScreen. With SSH and a certificate, you even could automate it in the way that you do not have to authenticate - fully automated batch file, that way.

What I use is netcat (in a slightly modifed variant). It allows for piping, so I can generate the commands needed dynamically, and evaluate outputs, all in one go.

Like
(echo MyLogin
 echo MyPwd
 get memory
) | nc -t 10.0.0.1 -i 1 | findstr "memory" > logfile.txt


0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24439790
Hi,

Why don't you use SNMP for monitoring your Netscreen? Then using any NMS you can get the values.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24439814
It depends on the set of commands used if you can monitor via SNMP. Many things are not exposed to SNMP, like VPN tunnel traffic. And in the memory area I guess it's similar.
0
 
LVL 2

Author Closing Comment

by:wingkchan
ID: 31592778
Thanks for your suggestion.  However I didn't get to try out your way, because the supporting vendor recommend us to use a software care SecureCRT.  We downloaded the trialware and did some testing. This programs allows calling of vbscript, and schedule to run at defined interval... so every 10 minutes or so, we can run some "get" commands and output them to a file.  It'sworks fine.  Thanks for your input.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
In this article, we’ll look at how to deploy ProxySQL.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses
Course of the Month10 days, left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question