SRX

Hello All,

This script is especially for those users who wants to take automatic backup of SRX Firewall on their ftp server's.

In our case, we were taking the configuration backup of around 15-20 SRX Firewalls and doing this manually is really a time consuming job. After working long I created a script which will take the backup of configuration and save this file with "HostName" and "Date", so that we can easily identify that in this backup file is containing backup of which firewall and taken on what date.

2 steps process is given below :

Step-1 : copy or create a new file in /cf/root folder naming "backup". ( you can also test the same file from command line, syntax is : "sh /cf/root/backup")

Step-2 : Create a cron tab job for scheduling this file as a backup job.

              command is : crontab -e

0 0 * * 0  sh /cf/root/backup > /cf/root/cronlog

Above job will run the "sh /cf/root/backup" command on  every Sunday at 00:00 Hrs. this is nothing but run the script file and log all the entries in another file i.e. /cf/root/cronlog.

That's all...

Cheersssssssss...

Deepak Chopra

Attachment(s)

JuniperBackupScript.txt   983 B 1 version

I have adapted your script to use it in a J23220 with JunOS 10.2R3

For some unknown reason we need to include "binary" command inside the FTP command to make the script run.

ftp -n -v $HOST << EOT
user $USER $PASSWD
passive
binary
cd backupdirectory
put $hn$dash$fileDT.conf.gz
bye
EOT

We have also attached a rm command to clear backup config from the firewall:

rm /cf/root/$hn$dash$fileDT.conf.gz

Thank you very much for your  contribution.

Rob

Junos has builtin mechanism to backup its configuration on remote host. It can be done automatically after some scheduled interval or on commit. See system>archival>configuration section of junos configuration. 

Our juniper SRX devices send their conifguration to remote host via scp(secure copy) after the commit command applied. The sample configuration under the system hierarchy is as follows: 

archival {
        configuration {
            transfer-on-commit;
            archive-sites {
                "scp://user@host:/path/to/config" password "password"; ## SECRET-DATA
            }

Hello ,

ofcourse Juon has builin Mechanism to scheduled interval backup to its configuration on remote host but  it has limited features like :

1. it takes calulation in minutes ( not in hours or days).

2. you can give maximum 2880 min only, it means 2 days. 

It means you can't take weekly backup of its configuration.

Hi there, 

Yes, Junos has some interval restrictions in scheduled backup. But there is another option. 

The configuration takes effect only after the commit command. And transfer-on-commit option saves last and actual conifguration on the remote host. I wonder if it is necessary to have weekly backups of the configuration that is in fact unchanged since the last commit.

Hello,

Yes, JunOS has another option which takes effect only after the commit command, but sometimes Admin does the changes on Firewall only for testing and it is hard to maintain backup copies of test configuration.

So everything depends, how we want to keep our backup at remote location.

also the built-in mechanism doesn't allow for saving in "display set" format.