Discussion:
[rancid] Fortinet Firewall Question.
Chris Davis
2013-11-25 19:53:26 UTC
I have configured Rancid to process my Fortinet Firewalls. I was running 2.3.6 and it was reporting every hour with changes because of the time and keys in my HA cluster. Well, I finally had the time to look at upgrading it to 2.3.8 today. I waited until after the hourly processing, and configured, made and installed the upgrade.

I let it run, and voila, no firewall change. The end of the hourly config diffs has finally ended. So then I went in and deleted a disabled record, hoping to see it on the next hourly run. But I got nothing. The firewall itself emailed me the change, but I saw nothing reported in Rancid.

Any ideas?

Chris Davis - CIS Security Director
The Principia
13201 Clayton Road
Saint Louis, MO 63131
314-434-2100
Alan McKinnon
2013-11-25 23:25:20 UTC
Post by Chris Davis
I have configured Rancid to process my Fortinet Firewalls. I was
running 2.3.6 and it was reporting every hour with changes because of
the time and keys in my HA cluster. Well, I finally had the time to
look at upgrading it to 2.3.8 today. I waited until after the hourly
processing, and configured, made and installed the upgrade.
I let it run, and voila, no firewall change. The end of the hourly
config diffs has finally ended. So then I went in and deleted a
disabled record, hoping to see it on the next hourly run. But I got
nothing. The firewall itself emailed me the change, but I saw nothing
reported in Rancid.
Any ideas?

There are two main possibilities for the behaviour you describe:

- regexes have been updated to remove that annoying cycling data
- 2.3.8 is not sending mail (or you are not getting it).

A few simple questions to determine which it is:

- do you still receive other mail from rancid?
- are the lines of interest appearing in rancid's output file? Do they
change there after you make a config change on the device?
--
Alan McKinnon
***@gmail.com