For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Andrea_110925's avatar
Andrea_110925
Icon for Nimbostratus rankNimbostratus
Oct 08, 2008

Firepass integration with AdventNet ManageEngine DeviceExpert

Hi guys,

 

 

I have AdventNet ManageEngine DeviceExpert installation and I want to integrate it with firepass.

 

DeviceExpert is a software for change management of networking devices, it supports many vendors but not F5.

 

I ask AdventNet support engineer for firepass and they replay with the following requirements:

 

 

DeviceExpert can support any device model that supports configuration backup through TFTP/SCP when accessed via TELNET or SSH or SNMP.

 

 

Also, they ask to provide the following information:

 

 

1. How many configuration files do these devices possess (for example startup and running)

 

2. Login sequence for CLI. Screenshots of the login sequence will be very helpful

 

3. Commands to retrieve & push configuration from/to the devices. Open a command prompt, execute the command and send us the complete snapshot of the command and the output

 

4. Any other useful command to get hardware details from the device

 

5. What is the format of backedup configuration file: text format or binary format

 

6. Can this device be manged through SSH also?

 

 

Thanks in advance.

 

Andrea
BIG-IP Access Policy Manager (APM)
remote access
security

2 Replies

  • mal_57091's avatar
    mal_57091
    Icon for Nimbostratus rankNimbostratus
    Oct 13, 2008
    Hey Andrea,

     

     

    Unfortunately i don't think you can do this with FirePass. FirePass, like most SSL VPNs on the market today do not offer CLI access to the device. So you can't really Telnet/SSH in and run commands, pull config, etc. The config files you can backup from the FirePass are encrypted and only F5 can decrypt them.

     

     

    Sorry to be the bearer of bad news :-( Have you considered using SNMP-based management and setting traps? Also, FirePass is pretty cool in that you can lock down admin only to a certain physical interface and then even further to a specific set of source IP addresses. Perhaps you should lock down your boxes, set strong admin passwords, etc to prevent any chance of incorrect config changes.

     

     

    Cheers,

     

    Mal
  • steve_88008's avatar
    steve_88008
    Icon for Nimbostratus rankNimbostratus
    Oct 30, 2008

     

    i use the nightly back up feature to an ftp server. You can also use scp. I believe the FP will connect to the scp/ftp server and upload the back up. Does not look like you can download the back up config. You could just use the scp service on device expert and back up to a dir on that box to at least centralize your back up conifgs.

     

     

    device expert is pretty slick. i use to back up my FW,layer 2, and 3 devices.

     

     

    hth