Recent Posts

11
Database / FortiGate backup
« Last post by sjobergh on July 23, 2024, 01:08:25 am »
We have large configuration files on our FortiGate VDOM firewalls. Some of them are 20 Gb. By changing some parameters in libmisc.pm, we have managed to back them up. But when we search in "noodle", for example, it seems that "noodle" stops searching when it gets to the large backup files. Does anyone have an idea how to solve it?
13
GUI / images in topology floors or racks pages
« Last post by networkbo on July 06, 2024, 04:04:46 pm »
Hi all,
I use NEDI 2.1.071.
If I load images in html/topo folder, I can see them in building page. Is it possible to have images in floor or rack page?
14
Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1
« Last post by ggessler on June 07, 2024, 11:45:55 am »
Hi Rickli,

sorry for the late reply, I was out on vacation.
Yes, I have tried this already several times. Also changed the CLI port in the database to 22 to ensure that SSH is used - but this did not change anything here.

Cheers, Gerhard
15
Discovery / Re: No ARP table data collected from PaloAlto firewalls
« Last post by ruehlb on June 03, 2024, 06:38:27 pm »
My alternatives for finding a solution for this were not working out so I circled back to see if I could find a resolution on my own. I think I have figured out part of the problem, not sure if it is the fix for everything yet. In the file /var/nedi/inc/libcli.pm, starting at line 1285, it appears the columns are off by 1. This is what the file has:

Code:
}elsif( $main::dev{$na}{os} eq 'PANOS' ){                                       # Palo Alto FW
    $ix = 0;
    $mx = 1;
    $px = 2;
}

Looking at the output of the CLI on a Palo Alto, these identifiers are incorrect. They are 1 column off. The correct code should be:

Code:
}elsif( $main::dev{$na}{os} eq 'PANOS' ){                                       # Palo Alto FW
    $ix = 1;
    $mx = 2;
    $px = 3;
}

Once I changed these variables, when I run the "Discover Now", there is a full arp table discovered on the device. Being this is in a lab environment, I don't have further equipment discovered to see if this fixes everything. I am going to test with a couple more devices and see if this is the full fix.
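
The effect of the column shift described in this post, as an added example that is not part of the original post and not NeDi's own code: it parses the same rows with both index sets and validates the selected fields, so a shifted mapping is reported instead of ending as a silent zero count. It assumes the three indexes select the IP, MAC and port fields after a whitespace split; the sample rows and the `parse_arp` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample rows, assumed layout: interface, IP, MAC, port, status, TTL.
my @rows = (
    'ethernet1/1  192.0.2.1   00:1b:17:00:01:10  ethernet1/1  c  1786',
    'ethernet1/2  192.0.2.20  00:50:56:aa:bb:01  ethernet1/2  c  1201',
    'ae1.100      192.0.2.77  (incomplete)       ae1.100      i  2',
);

my $ip_re  = qr/^(?:\d{1,3}\.){3}\d{1,3}$/;
my $mac_re = qr/^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$/i;

# Hypothetical helper. Assumption: the indexes pick IP, MAC and port
# from the whitespace-split row, as $ix, $mx and $px appear to do.
sub parse_arp {
    my ($ix, $mx, $px, @lines) = @_;
    my @entries;
    my $rejected = 0;
    for my $line (@lines) {
        my @f = split ' ', $line;
        my ($ip, $mac, $port) = map { $f[$_] // '' } ($ix, $mx, $px);
        if ($ip =~ $ip_re && $mac =~ $mac_re) {
            push @entries, { ip => $ip, mac => lc $mac, port => $port };
        } else {
            $rejected++;    # field does not look like an IP/MAC pair
        }
    }
    return (\@entries, $rejected);
}

# Compare the mapping from the file with the corrected one.
for my $map ([0, 1, 2], [1, 2, 3]) {
    my ($entries, $rejected) = parse_arp(@$map, @rows);
    printf "ix=%d mx=%d px=%d: %d entries, %d rows rejected\n",
        @$map, scalar @$entries, $rejected;
    # Rows were present but none validated: a column shift, not an empty table.
    warn "  all rows rejected: check column indexes against the CLI output\n"
        if !@$entries && $rejected;
}
```

Counting rejected rows separately from accepted ones is what distinguishes a parser mismatch from a device that really has no ARP entries.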
16
Discovery / Re: No ARP table data collected from PaloAlto firewalls
« Last post by ruehlb on May 22, 2024, 02:30:52 pm »
I agree. I have seen these pauses as well, primarily with config collection. One change I have made to accommodate for that is up the SNMP timeout to 10 seconds which allows for the collection of data. This appears to be different. When using the "Discover Now" button on the device, there is a couple second pause only at the login section. The CLI commands flow by with no hesitation. It is almost like the output is not matching what is expected, therefore resulting in a 0 count table. I have tried to decipher the language in inc/libcli.pm but since coding is not my strong point, I can't for sure determine if that is the issue. My thought was if the CLI output changed at some point and the table is displayed differently than what is expected.
17
Discovery / Re: No ARP table data collected from PaloAlto firewalls
« Last post by rickli on May 21, 2024, 10:30:09 am »
I noticed different behavior (like very long pauses) on some devices when NeDi connects with SSH. Strangely enough a user can connect manually without any issues...
18
Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1
« Last post by rickli on May 21, 2024, 10:20:21 am »
Have you tried CLI reset in Devices-Status by clicking on the red icon next to CLI? Only then will NeDi retry CLI access. Also I don't think it's related to the update as there were no changes in 2.3...
19
Discovery / No ARP table data collected from PaloAlto firewalls
« Last post by ruehlb on May 20, 2024, 06:26:04 pm »
We have several PaloAlto firewalls that function as the default gateway for protected subnets. When setting up the .def file, I have selected PANOS for the Operating System and CLI for the ARP collection. It appears that it runs without any problem as I am getting this as the output:

Code:
CMDR:show arp all dns no result is OK
ARPC:0 ARP entries found

I have verified that I can run 'show arp all dns no' on the firewalls with the same account that NeDi is using. When running manually, I get a CLI output like this followed by all the entries:

Code:
user@pa-firewall> show arp all dns no

maximum of entries supported :      5000
default timeout:                    1800 seconds
total ARP entries in table :        178
total ARP entries shown :           178

I am failing to figure out why the table is not being collected. This is starting to become more critical as this prevents the "Nodes" section of NeDi from identifying where the device is connected. Any help with identifying an issue is appreciated.
20
Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1
« Last post by ggessler on May 17, 2024, 05:48:49 pm »
Dear Rickli,
thank you very much, this did the trick.

But now I run into another problem:
NeDi is no longer able to access the switches with SSH. No matter if I discover a new switch or want to back up the configuration of an existing switch, I always receive an error message about the usessh policy:

During a backup:
Config (CLI)   ----------------------------------------------------------------  Fri May 17 16:50:52 2024
CLI :ssh connection prohibited by usessh policy
EVNT:MOD=B/1 L=150 CL=cfge TGT=bghsw-700e-IT310-01 MSG=Config backup error: Connection prohibited by usessh policy

During discovery:
GG: usessh == never --
TEL :Connect NeDiService;1@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;2@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;3@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;4@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;5@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
EVNT:MOD=B/1 L=150 CL=cfge TGT=bghsw-700e-IT210-01 MSG=Config backup error: can't start session

My standard setting in nedi.conf was to have usessh commented out so that it tries SSH first, then Telnet:
# Set ssh policy for CLI access:
# always        = only explicitly mapped ports will be used with telnet
# never         = never try ssh
# known         = only connects when hostkey is known (add with nedi.pl -k, keyscan or manually with ssh)
# commented     = try whatever will work
;usessh         always-known
;usessh         never

After the upgrade to 2.3C and the new host OS SUSE SLES, it seems it does not honor whatever usessh option I set. I started with the above commented out variant of usessh but also tried to set "usessh always". But nothing seems to work.
As the Perl installation on SLES 15 is a bit unclear, I already tried with different SLES packages but also with SSH from CPAN.

Cheers, Gerhard