List of Supported Devices for Configuration Management

[Giancarlo]

[Last updated November 2021]

 

This is an entirely new capability offered by Domotz. We will add more and more devices to the following list for which Domotz offers the possibility to:

• automatically back-up configuration
• manually back-up specific configuration
• compare across different versions
• getting alerted if something changes
• getting notified if running configuration is different from the saved one
• restore previous saved configuration
• upload and update the device with a new configuration

 

The following is the current list of supported devices for those capabilities:

 

Brand	Model #s Tested	Notes
Cisco	IOS Series: Catalyst 2960 Catalyst 3560 Catalyst 3650 Catalyst 3750	SSH and SNMP enabled In order to unlock this functionality, it requires an SSH user (with privilege 15) SCP module should be enabled:             ip scp server enable In order to benefit the auto-rollback on error capability, the "archive" functionality should be enabled:  archive path flash:archive write-memory   --   In order to create a user with privilege level 15 issue the following commands: #conf t (config)#username <username> privilege 15 password <password>   If you do not have AAA authentication ("no aaa new-model" in your conf file), you need to issue the following commands: (config)#line vty 0 15 (config)#login local   In case that you are using AAA authentication (aaa new-model in your config file), in order for the privilege 15 user to log in in enable mode, you need to issue the following commands: (config)#aaa authentication login default local (config)#aaa authentication enable default enable (config)#aaa authorization console (config)#aaa authorization exec default local if-authenticated
Cisco	SG Series (except SG200)	SSH and SNMP enabled. admin account with privilege level 15. The following lines in the configuration file:              - ip ssh password-auth   (mandatory)              - no logging console (recommended)    Note: SG200 is not yet supported, given that this model does not support ssh server
Luxul	XMS AMS SMBStaX	SSH and SNMP enabled. admin account with privilege level 15.
Juniper	Juniper OS	SSH and SCP should be enabled.. User must be super-admin or capable of restoring configuration.
WatchGuard	Fireware OS	We recommend having a separate ssh user for this feature since only 1 session per user is allowed at a time     A firewall rule must allow TFTP traffic from the Domotz agent host to the WatchGuard firewall HTTPS (port 8080) is needed for recognition SSH and TFTP enabled Max configuration file size 5MB
FortiNet	FortiOS	SSH and TFTP services enabled SSH account provided for unlocking must be super_admin or admin Max configuration file size set to 5MB A firewall rule must allow TFTP traffic from the Domotz agent host to the FortiGate device: https://docs.fortinet.com/document/fortigate/6.0.0/Handbook/690377/trivial-file-transfer-protocol-tftp-session-helper-tftp The following output configuration is needed for the correct interpretation of its configuration, through the FortiGate's CLI run the following (it removes the pause between output data): # config system console     set output standard end Note: Hash for passwords and other encrypted data may be shown as diff when comparing configurations even if the password is the same: https://forum.fortinet.com/tm.aspx?m=176962
HP Aruba	Aruba OS Access Points CX Switches Pro Vision based ones:  Are not supported	SSH and TFTP enabled user must be admin Access Points are in READ ONLY mode

 

Note: in order to trigger the Domotz driver to discover configuration files, SNMP should be enabled on the Network appliance. In this way, Domotz is able to correctly identify the device, and trigger the correct driver for configuration management purposes.

 

---------------------------------------------------------------------------------------------------------------------------------------------------------

 

Few screenshots related to the Device Configuration Management:

 

Automatic and Manual Backup - Domotz automatically backup the configuration of the device and shows the history of the last configuration files. The backup is executed every 6 hours, and a new version is only saved (and showed) if it differs from the previous version.

 

Moreover, Domotz allows the manual backup of the configuration file. A new version is created, regardless if it differs or not from the previous saved version:

 

 

Through the same interface, it is possible to upload a new configuration file (which can then be applied to the device). Moreover, each saved configuration file can be locally downloaded.

 

Finally, user is also notified if there is a misalignment between the running and the startup (flash / bootflash) configuration.

 

Compare and Restore Configuration Files - Domotz allows the user to compare different saved versions of configuration files, and to restore a previously saved one:

 

Edited November 17, 2021 by Nikolay
HP Aruba note addition