1

I'd like to export all the policies set up in my Juniper SSG-550 running JunOS 5.1 but i can't find any way to do so. Preferably in an easy to parse format (csv would be great).

Problem is the firmware is awfully outdated and I only have access to the webGUI, maybe there's a way to do that through the serial port but I just can't have acces to it.

Thanks in advance !

4 Answers4

1

You can grab a copy of the config file by going to Admin -> Update -> Config in the Web UI.

I have some dodgy scripts to parse the config files and output policy info, but a more ghetto way is to just copy and paste the policy table (Policy -> Policies in the web UI) into Excel and then munge it.

And if you have access to the web UI you can just enable telnet/ssh access - you don't have to just use the serial port.

James
  • 7,553
  • 2
  • 24
  • 33
  • You're right, I couldn't find anything in the documentation because I was searching for the word "export" and all I got was "export routes" for routing protocols like OSPF. Thanks for your answer, I just got the file and I'll se how to parse it to represent fully the actual setup. –  May 26 '10 at 10:31
1

I know this is old but should help someone in the future:

http://ns2html.sourceforge.net/

NS2HTML is a tool created to convert the config file extracted from Netscreen devices into friendly HTML rulebases. It is a free tool developed from the need of gathering data from policies used at ancient firewalls under administration. It is developed under GPL license. It's totally free, under the license terms. Feel free to use, develop or send it to who need.`

TheCleaner
  • 32,352
  • 26
  • 126
  • 188
0

If you are running a 5.1 version that is pretty old it should be ScreenOS not JUNOS. Unless you have done the flash card conversion from ScreenOS to JUNOS, which would actually make the chassis just a J-2350. This is important to distinguish. So, I will assume that it is running ScreenOS since that is the most likely scenario. Now, if you have only access to the WebUI I do not believe their is any way to export the configuration. I do not know if this version has this ability or not but the WebUI in ScreenOS should have the ability to save off the text configuration of the configuration (you should be able to do the same with JUNOS) from the firmware/config portion of the menu. Then you should be able to parse the text config with a script or something to format it into a CSV or something.

Regardless you should really be running a more modern version of code if at all possible. 5.1 is WAY old. :)

Null Route
  • 72
  • 1
  • Saving a copy of the config has been around since forever :) – James May 25 '10 at 20:36
  • Thank you for that explanation, I'm not familiar with Juniper firewall but I already heard before that there is a possibility to change the OS on those SSG-550. You're totally right, I have to update this and I think I'll convert it to JUNOS. FYI there's a way to export policies through the export of the config file for the whole system. –  May 26 '10 at 10:28
0

I tried to extract all my 400 policies from the WebUI and munge them into Excel. But to be honest, the result did not satisfy me and the way was far too fiddly.

As there was no good solution for this problem, I solved it with a small commandline tool. This tool parses the configfile, wich you can download from the WebUI (admin > update > config) and generates a htmlpage including all policies.

If you wanna give it a try, just download Junipiper for Windows & Linux and have some fun.
(as it is free of charge, there is no warranty for the programm, use it a your own risk!!!)

Best regards Phil.

Phil Swiss
  • 1,437
  • 9
  • 4