Firewall Wizards mailing list archives
Re: Cisco Security Manager clone?
From: "John Forrister" <john () segfault com>
Date: Fri, 2 May 2008 11:36:59 -0700
Check out RANCID. http://www.shrubbery.net/rancid/ Aside from performing configuration monitoring and change notification, there's a script used by RANCID named "clogin", which is capable of automatically logging into a box and executing either a single command or a script. This would probably fit your requirements in terms of making changes on several boxes at once. You'll need to have a system capable of running expect and CVS. It's also CLI only as far as I know - so if you you're not comfortable in a CLI, this package won't be for you. It's a solid product, and
From their web page:
"RANCID monitors a router's (or more generally a device's) configuration, including software and hardware (cards, serial numbers, etc) and uses CVS (Concurrent Version System) <http://cvshome.org/> or Subversion<http://subversion.tigris.org/>to maintain history of changes. Rancid currently supports Cisco routers, Juniper routers, Catalyst switches, Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd), Alteon switches, and HP Procurve switches and a host of others." -John On Wed, Apr 30, 2008 at 8:01 AM, Mike Davis <mdavis () gsp net> wrote:
This is my first posting so be gentle ;-) I have an environment that is all Cisco based firewalls for my edge protection and site to site vpns. I have a little over 100 remote sites running on ASA 5505's with an AES Tunnel to both the primary (HQ) and secondary (DR ) sites. It is working quite nicely and has been for years now but the problem I have is this… all my remote site firewalls are not centrally managed in the sense that I can make one change in a console and push it globally to all my remote firewalls so that when a change is required, I have to log into each and every one (I use SSH) and make the changes. I know that Cisco Security Manager will allow me to do that but at the 100K pricetag I was quoted from Cisco with the blink of an eye… I just cannot put that into my budget. Does anyone know of or can recommend any freeware or low-cost-ware application that will allow me to monitor and make global config changes without having to SSH to each one? The ability to segregate into groups and manage based upon groups would certainly be a plus as well but not a requirement. Thanks in advance! *Mike Davis* _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
-- John Forrister 480-540-7325 (mobile)
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Cisco Security Manager clone? Mike Davis (May 01)
- Re: Cisco Security Manager clone? Alex Nobre (May 02)
- Re: Cisco Security Manager clone? Chris Myers (May 02)
- Re: Cisco Security Manager clone? David Blahut (May 02)
- Re: Cisco Security Manager clone? Glenn Crissman (May 02)
- Re: Cisco Security Manager clone? Patrick Giagnocavo (May 02)
- Re: Cisco Security Manager clone? Paul Melson (May 02)
- Re: Cisco Security Manager clone? Sanford Reed (May 02)
- Re: Cisco Security Manager clone? Avishai Wool (May 02)
- Re: Cisco Security Manager clone? Gilles Demarty (May 07)
- Re: Cisco Security Manager clone? John Forrister (May 07)
- Re: Cisco Security Manager clone? Neil Glock (May 07)
- Re: Cisco Security Manager clone? Pietro Bertera (May 07)
- <Possible follow-ups>
- Re: Cisco Security Manager clone? Bruce Platt (May 07)