We are actually using 2 commercial products today; 1. Cisco Works 2. HP Network Automation
And one home grown script on Linux that runs out and grabs the config on all firewall enabled routers every night to assure that the firewall is still applied - some of our techs disable firewall while troubleshooting issues and "forget" to re-enable it. We initially used Cisco Works only - then the security group developed the Linux script for the reason state above. After a few negative audit findings we purchased HP NA for the same thing so I suspect we will disable the Linux script. HP NA has turned out to be the easier product to use to fetch the old config. We can compare current config to any previous config, we can see each configuration change that has been made and we also use it for change management on firewall enabled devices. If a change is made outside of the tool then an event is triggered that the security group will investigate. A pricy tool that has a lot of advantages over Cisco Works and TAC/ACS mostly in the area of user friendliness. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Erik Sundberg Sent: Friday, March 02, 2012 1:57 PM To: [email protected] Subject: [c-nsp] Config Backups Quick question/poll What is everyone using for router/switch/firewall config backups? Is rancid still the one to use? Thanks Erik ________________________________ CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
