Discussion:
[rancid] Fortigate false notifications
Slacker T
2011-07-18 15:16:52 UTC
Hello,

I'm running rancid 2.3.6 and am having trouble with the config
change notification "flapping". The content of the config isn't
really changing, just different whitespace and sometimes crlf's.
Wasn't sure if others have had this problem and whether it can
be fixed on the firewall or within rancid. Maybe tell rancid to
ignore leading and trailing whitespace....not sure about the
errant crlf's.

Firewall info: Fortigate-620B v4.0,build0313,110301 (MR2 Patch 4)
Rancid info: 2.36 on CentOS 5.6 compiled from source

Output of last few updates:

Index: configs/fortigate.example.com
===================================================================
- -- configs/fortigate.example.com      (revision 2556)
      set gui-ipv6 disable
      set gui-lines-per-page 50
      set gui-load-balance enable
- set gui-object-tags disable
+     set gui-object-tags disable
      set gui-policy-interface-pairs-view enable
      set gui-voip-profile disable
      set hostname "fortigate"
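Review bot: the `-` and `+` lines for `set gui-object-tags disable` carry the same keyword and value and differ only in indentation, so this revision records no setting change. Comparing the two captures with leading whitespace stripped would leave this hunk empty.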

Index: configs/fortigate.example.com
===================================================================
- -- configs/fortigate.example.com      (revision 2549)
@@ -75,7 +75,7 @@
      set gui-ipv6 disable
      set gui-lines-per-page 50
      set gui-load-balance enable
-     set gui-object-tags disable
+ set gui-object-tags disable
      set gui-policy-interface-pairs-view enable
      set gui-voip-profile disable

Index: configs/fortigate.example.com
===================================================================
- -- configs/fortigate.example.com      (revision 2554)
@@ -24,8 +24,7 @@
      set sw1 auto
  end
  config system amc-slot
-     edit
- "sw1"
+     edit "sw1"
      next
  end
  config system
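Review bot: the removed pair `edit` / `"sw1"` and the added `edit "sw1"` contain the same tokens; the only difference is a line break between the keyword and its argument. A comparison that rejoins an argument-only line to the preceding `edit` would not report this hunk.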

Index: configs/fortigate.example.com
===================================================================
- -- configs/fortigate.example.com      (revision 2553)
@@ -24,7 +24,8 @@
      set sw1 auto
  end
  config system amc-slot
-     edit "sw1"
+     edit
+ "sw1"
      next
  end
  config system global

Index: configs/fortigate.example.com
===================================================================
- -- configs/fortigate.example.com      (revision 2552)
@@ -24,8 +24,7 @@
      set sw1 auto
  end
  config system amc-slot
-     edit
- "sw1"
+     edit "sw1"
  
Andy
2011-07-18 15:56:36 UTC
If you haven't disabled the pager in fnlogin, then that is worth a try.

I found that disabling the console pager improved things quite a lot, but I
still see this happen occasionally on various different Fortigate models and
OS versions.
I also tried removing all leading spaces, but that led to a difficult to
read configuration file.

Andy

john heasley
2011-07-18 18:28:57 UTC
Post by Andy
> If you haven't disabled the pager in fnlogin, then that is worth a try.
> I found that disabling the console pager improved things quite a lot, but I
> still see this happen occasionally on various different Fortigate models and
> OS versions.

agreed. you can try the attached more complex handling from clogin. I'm
guessing a bit; it might need more tweaking to handle however this device
wipes the pager prompt.
Slacker T
2011-07-22 21:28:17 UTC
Post by john heasley
> Post by Andy
> > If you haven't disabled the pager in fnlogin, then that is worth a try.
> > I found that disabling the console pager improved things quite a lot, but I
> > still see this happen occasionally on various different Fortigate models and
> > OS versions.
> agreed.  you can try the attached more complex handling from clogin.  I'm
> guessing a bit; it might need more tweaking to handle however this device
> wipes the pager prompt.

I tried the different pager settings on the Fortinets (there are only
two), still had the same problem with both. I applied the fnlogin.diff
patch and haven't had a false notification since.

Thanks!
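
An added example, not part of the thread and not rancid's or fnlogin's own code: a check that tells whether two captures of a FortiGate config differ only by the indentation, CRLF and split-line artifacts shown in the diffs above, so that a firewall change alert is raised only for a real change. The function names, the keyword list and the sample captures are constructed for illustration.

```python
import difflib

# Assumption: first words that begin a FortiOS CLI statement. A line starting
# with anything else is treated as the wrapped tail of the previous statement.
STARTERS = ("config", "edit", "set", "unset", "next", "end")

def normalize(capture: str) -> list[str]:
    """Strip indentation and CR/LF noise, and rejoin statements split across lines."""
    out: list[str] = []
    for raw in capture.replace("\r", "\n").split("\n"):
        line = raw.strip()
        if not line:
            continue
        starts_statement = line.split()[0] in STARTERS or line.startswith("#")
        if out and not starts_statement:
            out[-1] = f"{out[-1]} {line}"   # e.g. 'edit' + '"sw1"'
        else:
            out.append(line)
    return out

def real_changes(old: str, new: str) -> list[str]:
    """Return '- old' / '+ new' statements that differ after normalization."""
    a, b = normalize(old), normalize(new)
    changes: list[str] = []
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes += [f"- {s}" for s in a[i1:i2]]
            changes += [f"+ {s}" for s in b[j1:j2]]
    return changes

# Constructed sample captures modelled on the hunks in the thread.
BEFORE = ("config system global\r\n    set gui-load-balance enable\r\n"
          "    set gui-object-tags disable\r\nend\r\n"
          "config system amc-slot\r\n    edit \"sw1\"\r\n    next\r\nend\r\n")
AFTER_COSMETIC = ("config system global\n    set gui-load-balance enable\n"
                  "set gui-object-tags disable\nend\n"
                  "config system amc-slot\n    edit\n\"sw1\"\n    next\nend\n")
AFTER_REAL = AFTER_COSMETIC.replace("gui-object-tags disable",
                                    "gui-object-tags enable")

if __name__ == "__main__":
    print("cosmetic only:", real_changes(BEFORE, AFTER_COSMETIC))
    print("real change:  ", real_changes(BEFORE, AFTER_REAL))
```

Rejoining continuation lines means a change that only moves a line break inside a multi-line quoted value is also treated as cosmetic; keep the raw captures in version control and use the normalized comparison only to decide whether to notify.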
