Tutorial 3: Configuration backup and restore

HP switches

Netscreen firewalls

Outline: This procedure is based on using the embedded web-server in the Netscreens. There is undoubtedly a CLI way to do this, but that is yet to be determined. The basic process is:

  • if possible, save the current configuration, otherwise find the archive of saved configs
  • copy the configuration to be moved to a laptop
  • set up the laptop on the same network as the management port on the target Netscreen
  • connect to the embedded web-server on the target, and upload the configuration
You should read the entire details section before proceeding. If you have problems, see the "Potential problems" section for a possible solution.

Details

You will need to know the root password for the Netscreens. See the password cardfile in the key vault, under "Netscreen".

Save current configuration

If the source device is responsive on the standard network, log onto the embedded web-server and navigate to Configuration--Update--ConfigFile. Click the "Save to File" button and follow the prompts.

If the device is not responsive, you can try connecting a laptop directly to the management ethernet port on the device. It is configured as 192.168.15.200/24, so set up the laptop statically for any other address on that network (the device does not provide DHCP on the management network, so you have to use a static configuration).

The address of the embedded web-server would be "http://192.168.15.200". Navigate to Configuration--Update--ConfigFile and "Save to File".

Archive of saved configurations

There is an archive of Netscreen configurations in sftp://userid@asimov/coregroup1/core/0-Networking/Netscreen%20Firewalls/Saved%20configurations. Replace userid with your userid. (Note: there may be other ways to access this directory, but sftp works for me.)

Copy configuration to laptop

Once you have a configuration, copy it to a laptop or other network device that is connected to the management network on the target Netscreen.

Connect to the target Netscreen

The management port on the target Netscreen will be configured as 192.168.15.200/24. Statically configure the laptop (or other device) with any other address on that network.

Upload the configuration

Log into the embedded web-server on the target device using address "http://192.168.15.200/". Navigate to Configuration--Update--ConfigFile.
  1. Click "Replace Current Configuration"
  2. Browse to the location of the configuration file on the local system
  3. Click "Apply".
This will force a re-boot of the device with the new configuration.

Potential problems

The embedded web-server software on the firewalls is very sensitive to the version of web-browser and JavaScript. In particular, https is known to work only with IE version 6. For other software, you will have to use http. This is less than desirable, but in the case of the management port it is not a significant problem -- the network is not viewable by anyone else, so there is no risk in using a password over an unencrypted channel.
Topic revision: r5 - 2010-03-12 - TrevorGrove