07-06-2010 07:47 AM
There are lots of ways, but if you are only interested in the policies, I would connect by SSH and enter "get config | include policy". This should get you all "set policy ..." statements. You can then copy/paste them into a text file.
If there are too many policies, you can save the config to tftp server and then extract the policies from there.
07-06-2010 08:52 AM
Here is a link to a nice tool that pulls out the firewall policies and presents them in an HTML format for easy viewing. http://sourceforge.net/projects/ns2html/
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador
Juniper Elite Reseller
J-Partner Service Specialist - Implementation
07-07-2010 04:02 PM
I always save out a full configuration file after any changes are made at all on the firewall. I name the file with the location and date i.e. location-2010-07-07.cfg. These can be easily dumped to a central tftp server or pulled from the web interface.
To use the tftp function you'll need to set the source address for the requests on the firewall to whatever interface has access to your tftp server. This needs only be set once and saved in the configuration.
set tftp source-address INTERFACE
Where INTERFACE is bgroup0; ethernet0/0; etc.
For a target tftp server Solar Winds has a nice free utility that can ride as a small additional service on an existing server pretty easily. This is free software but registration is required.
CLI Save config to tftp
firewall-> save config to tftp 192.168.1.10 location-2010-07-07.cfg
Web UI save config to local file
Senior IP Engineer - DQE Communications Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6
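
Added example (not part of any post in this thread): a short Python script that pulls the "set policy" statements out of a saved config file, as the replies suggest, and flags permit rules that are any-source, any-destination, any-service for review. The sample config is constructed, and the parser assumes the simple single-line form `set policy id N [name "..."] from "zone" to "zone" "src" "dst" "service" action`; the function names are hypothetical.

```python
import shlex

# Constructed sample of a saved config (not taken from a real device).
SAMPLE_CONFIG = '''\
set hostname location-fw
set interface ethernet0/0 zone "Untrust"
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit log
set policy id 1
exit
set policy id 2 name "web-in" from "Untrust" to "DMZ"  "Any" "MIP(203.0.113.10)" "HTTP" permit
set policy id 3 from "Untrust" to "Trust"  "Any" "Any" "ANY" deny log
set tftp source-address ethernet0/0
'''

def extract_policy_lines(config_text):
    """Return every line that starts with 'set policy', like the CLI filter."""
    stripped = (ln.strip() for ln in config_text.splitlines())
    return [ln for ln in stripped if ln.startswith("set policy ")]

def parse_policy(line):
    """Parse one rule definition; return None for context lines such as
    'set policy id 1' that carry no from/to clause."""
    tok = shlex.split(line)          # honours the quoted zone/address names
    if "from" not in tok:
        return None
    f = tok.index("from")
    if len(tok) < f + 8 or tok[f + 2] != "to":
        return None                  # not the simple form assumed here
    head = tok[2:f]                  # optional 'id N' and 'name X' pairs
    return {
        "id": int(head[head.index("id") + 1]) if "id" in head else None,
        "name": head[head.index("name") + 1] if "name" in head else None,
        "from_zone": tok[f + 1], "to_zone": tok[f + 3],
        "src": tok[f + 4], "dst": tok[f + 5], "service": tok[f + 6],
        "action": tok[f + 7], "options": tok[f + 8:],
    }

def parse_policies(config_text):
    """Parse all rule definitions found in the config text."""
    parsed = (parse_policy(ln) for ln in extract_policy_lines(config_text))
    return [rule for rule in parsed if rule is not None]

def broad_permits(rules):
    """IDs of permit rules that match any source, destination and service."""
    return [r["id"] for r in rules
            if r["action"] == "permit"
            and all(r[k].lower() == "any" for k in ("src", "dst", "service"))]

if __name__ == "__main__":
    rules = parse_policies(SAMPLE_CONFIG)
    for r in rules:
        print(r["id"], r["from_zone"], "->", r["to_zone"],
              r["src"], r["dst"], r["service"], r["action"])
    print("review these any/any/any permits:", broad_permits(rules))
```

To run it against a real export, read the saved .cfg file and pass its text to parse_policies() in place of SAMPLE_CONFIG.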