Kiwi CatTools, part of the SolarWinds family, allows Windows admins to manage and back up configurations of network devices.
I have been a Windows administrator for eight years and currently focus on Group Policy, backup, and IIS/Apache administration.
If you’ve ever had a firewall that’s suddenly on the fritz, you can appreciate the necessity of a regular firewall configuration backup schedule. SolarWinds offers a great product, Kiwi CatTools, targeted for Windows administrators who want to automate some of the more mundane tasks of everyday network and systems administration, including backing up firewall configurations.
Kiwi CatTools – Main console
In this tutorial, we’ll focus on configuring a scheduled backup of a Cisco ASA 5505 firewall using CatTools. You can use the information in this tutorial to schedule other types of edge devices as well.
Configuring your first device
You can download the fully functioning 30-day trialof CatTools. Install it, and then launch CatTools. The first order of business is configuring a device. CatTools comes with many predefined device templates, including the template “Cisco.Firewall.ASA.” You will also need to configure some additional parameters:
- Name: An alias for your device
- Host Address: The IP address of your firewall
- Connect via: Typically direct connect, unless you must connect to another device first (for example, a VPN) before you can connect to the device
- Method: How you connect to the device—typically Telnet (unsecured) or SSH (secured)
- Port: The port your connection method uses; will default to whatever you choose for your connection method
Kiwi CatTools device information
You can test your base configuration by using the buttons at the bottom of the window to ping and telnet/SSH your device. If both of these work, you are ready to move on to the next step of configuring passwords.
Navigate to the Passwords tab. In most cases, this is the last step for configuring your device. The Passwords tab will have different entries depending on the type of device you are configuring. For the ASA 5505, you can expect the following important entries:
- Enable Password: The password for your account
- Privilege Level: Typically 15, but can vary by ASA setup
- Console Password: The password for the Telnet console
- AAA Username/Password: Used in cases where you use AAA authentication to connect via Telnet or SSH
The options at the bottom vary by how you authenticate. For example, if you are not using AAA authentication, you will probably need to check “Initial login requires username/password.” If you are using AAA, you will need to check “Enable mode uses AAA username/password fields.” You will see similar options available for different types of monitored devices.
Configuring your first activity and schedule
In CatTools, an activity is something you do with an open connection to a device. In this tutorial, we are going to focus on backing up the running configuration. Examples of other activity options include:
- Device.CLI.ModifyConfig: Sends commands to modify the running configuration
- Report.ARPTable: Reports the current ARP table on the device
- Device.InterDevice.Ping: Sends a ping, and reports results, from the device to specified hosts
For the purposes of this tutorial, we will focus on the activity Device.Backup.RunningConfig. Create a new scheduled activity. You will need to configure:
- Type: The type of activity (template) you want to use (in this case, it’s Device.Backup.RunningConfig)
- Report File: The location of the report file for the activity
- Client threads: The number of threads you want to devote to this activity; in most cases, unless you have a specific reason to change this option, it should be “Maximum available”
The next task is to configure a schedule for the activity. This is very similar to configuring a schedule in the Windows Task Scheduler, but CatTools actually uses its own timer process. On the Time tab, you should configure:
- Recurring: When you want the schedule to recur; for example, “Now” is a one-time operation, whereas “Daily” would recur daily
- Custom: I configured a custom schedule and selected 2:00 AM run time every day of the week
You will also need to add devices to the activity. A CatTools activity can be associated with multiple devices, which is very useful in case you would like to back up multiple firewalls of the same type. Do so on the Devices tab.
Devices are added to activities; in this case, NC5505 was added
The Email tab allows CatTools to email a report to the address you have defined in your CatTools preferences. You can choose whether or not to send these emails, and you can also define an override email address if errors, such as failures to connect, occur.
Finally, the Options tab lets the administrator define how to configure the actual report. These options include:
- HTML Compare Report: Specifies whether you would like an HTML version of the report
- Text Compare Report: Specifies whether you would like a plain text report
- Only notify by email if configs have changed: Specifies that CatTools should send an email report only if the configurations have actually changed, which is useful for eliminating noisy reports
- Attach reports to email: Specifies which reports to attach to the email
- Zip attachments: Specifies that attachments should be zipped, and lets you specify a file name; typically, you want attachments zipped to conserve email space and simplify downloading of attachments
- Password protect zip file: Specifies the password for protecting the zip file
Report options give the administrator additional flexibility in specifying reporting formats and notifications
Finally, save your new scheduled activity and click “Start Timer.” You are now all set and ready to go! Your ASA device (or other firewall) will now be regularly monitored by CatTools.