sjhloco / firewall_policy_report

Creates an Excel worksheet report from an ASA or Checkpoint firewall rule set with details of the hit counts and the last time the rule was hit
MIT License

strange issue #3

Open mairm1340 opened 1 year ago

mairm1340 commented 1 year ago

─> python firewall_policy_report/main.py

============================== Firewall Policy Report v0.1 ==============================
Checking the input file and options entered are valid...
Testing asa username/password and device connectivity ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
Gathering and formatting ACL information from the asa 10.x.x.x, be patient it can take a while...
Traceback (most recent call last):
  File "/home/amrim/CiscoAutomation/firewall_policy_report/main.py", line 286, in <module>
    main()
  File "/home/amrim/CiscoAutomation/firewall_policy_report/main.py", line 274, in main
    acl_brief, acl_expanded = import_fw[fw_type].get_acls(fw, sid)
  File "/home/amrim/CiscoAutomation/firewall_policy_report/asa.py", line 41, in get_acls
    acl_expanded = sid.send_command('show access-list | ex elements|cached|alert-interval|remark')
  File "/home/amrim/.local/lib/python3.10/site-packages/netmiko/cisco/cisco_asa_ssh.py", line 88, in send_command
    output = super().send_command(*args, **kwargs)
  File "/home/amrim/.local/lib/python3.10/site-packages/netmiko/utilities.py", line 500, in wrapper_decorator
    return func(self, *args, **kwargs)
  File "/home/amrim/.local/lib/python3.10/site-packages/netmiko/base_connection.py", line 1535, in send_command
    raise IOError(
OSError: Search pattern never detected in send_command: (HOSTNAME OF FIREWALL)

I removed the hostname name intentionally

Tried on ASA 5516-x on Cisco Adaptive Security Appliance Software Version 9.16(3)19

The script runs successfully on the same version on a few firewalls, and on a few it fails because of the above.

mairm1340 commented 1 year ago

kindly assist

sjhloco commented 1 year ago

If it works on some and fails on others, it is likely something related to those firewalls. The error you are seeing is for Netmiko, which is what is used to make the connections to the firewall, so the connection and gathering of information is not working. This line:

  File "/home/amrim/.local/lib/python3.10/site-packages/netmiko/base_connection.py", line 1535, in send_command
    raise IOError(
OSError: Search pattern never detected in send_command: (HOSTNAME OF FIREWALL)

is something related to those firewalls and the response being received back by Netmiko from them; if it couldn't connect, you would get a different error. It is connecting, but when sending the command it is not getting the expected response. You can see in the output the command that was sent to the devices:

acl_expanded = sid.send_command('show access-list | ex elements|cached|alert-interval|remark')

You are best to start troubleshooting by using Netmiko to send the exact same command to one of the devices that is failing and see what it is doing, and so why it is failing. If you google that Netmiko error message you will find lots of stuff; for example, this is on Stack Overflow.
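
The troubleshooting step suggested in the reply above, sketched as an added example (not code from this thread or from the project): it sends the same command with Netmiko's `send_command_timing()`, which does not wait for a pattern, and checks whether the prompt returned by `find_prompt()` actually ends the raw output. The `FakeConn` class, the hostname `FW01` and the sample outputs are constructed so the check runs offline; `diagnose` is a hypothetical helper name.

```python
import re
import time

# Command copied from the traceback in this issue.
COMMAND = "show access-list | ex elements|cached|alert-interval|remark"

def diagnose(conn, command=COMMAND):
    """Send the command without waiting on a pattern, then report whether the
    prompt that send_command() waits for by default is in the raw output."""
    prompt = conn.find_prompt().strip()
    start = time.monotonic()
    raw = conn.send_command_timing(command, strip_prompt=False, strip_command=False)
    elapsed = time.monotonic() - start
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    last_line = lines[-1] if lines else ""
    return {
        "prompt": prompt,
        "seconds": round(elapsed, 1),            # how long the device took to answer
        "prompt_found": re.search(re.escape(prompt), raw) is not None,
        "ends_at_prompt": last_line == prompt,   # False: output cut short or prompt changed
        "pager_seen": "<--- More --->" in raw,   # ASA paging marker left in the output
        "last_line": last_line,
    }

class FakeConn:
    """Constructed stand-in exposing the two Netmiko methods used above."""
    def __init__(self, prompt, output):
        self._prompt, self._output = prompt, output
    def find_prompt(self):
        return self._prompt
    def send_command_timing(self, command, **kwargs):
        return f"{command}\n{self._output}"

# Constructed sample outputs (hostname FW01 and the ACL line are made up).
ACL = ("access-list outside_in line 1 extended permit tcp any host 192.0.2.10 "
       "eq https (hitcnt=42) 0x1a2b3c4d\n")
HEALTHY = ACL + "FW01# "
STALLED = ACL + "<--- More --->"

if __name__ == "__main__":
    # Against a failing firewall, replace FakeConn with a real connection, e.g.
    # netmiko.ConnectHandler(device_type="cisco_asa", host=..., username=...,
    #                        password=..., session_log="asa_session.log")
    for name, sample in (("healthy", HEALTHY), ("stalled", STALLED)):
        print(name, diagnose(FakeConn("FW01#", sample)))
```

A result with `ends_at_prompt` false means the output was cut short or the prompt differs from the one captured at login; the `session_log` file records the raw exchange for comparison between a working and a failing firewall.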