07-06-2010 07:47 AM
There are lots of ways but if you are only interessted in the policies, I would connect by SSH and enter "get config | include policy". This should get you all "set policy ..." statements. You can then copy/paste them into a text file.
If there are too many policies, you can save the config to tftp server and then extract the policies from there.
07-06-2010 08:52 AM
Here is a link to a nice tool that pulls out the firewall policies and presents them in an HTML format for easy viewing. http://sourceforge.net/projects/ns2html/
07-07-2010 04:02 PM
I always save out a full configuration file after any changes are made at all on the firewall. I name the file with the location and date i.e. location-2010-07-07.cfg. These can be easily dumped to a central tftp server or pulled from the web interface.
To use the tftp function you'll need to set the source address for the requests on the firewall to whatever interface has access to your tftp server. This needs only be set once and saved in the configuration.
set tftp source-address INTERFACE
Where INTERFACE is bgroup0; ethernet0/0; etc.
For a target tftp server Solar Winds has a nice free utility that can ride as a small additional service on an existing server pretty easily. This is free software but registration is required.
CLI Save config to tftp
firewall-> save config to tftp 192.168.1.10 location-2010-07-07.cfg
Web UI save config to local file