SMC Batch Interaction – Pushing Policy to Firewall Engine
(2 votes, average: 5.00 out of 5)
Loading ...Here we go with a second article to enable batch interaction with a StoneGate Management Center: this one is about publishing a ready made policy to a StoneGate Firewall/VPN Engine.
Scenario could be, for instance, that you receive an alert raising the DefCon level and you want to react by activating a more restrictive policy.
The script for you today is called sgUploadFw.[sh|bat] and the syntax is:
sgUploadFw.[bat|sh] [host=hostname] [login=loginname] [pass=password] cluster=clustername [cluster=otherclustername] policy=policyname
host ==> SMC host where you want this script to be executed.
login ==> login of an Administrator Profile, who has rights to operate on given elements
pass ==> password (yes, in cleartext. It’s up to you to decide about security level you want to implement 
)
cluster ==> could be a single node or a cluster of engines
policy ==> the name of the policy you want to upload
Example and output:
C:\Stonesoft\StoneGate\bin>sgUploadFw.bat host=192.168.1.101 login=root pass=mypassword cluster=”FW-5000″ policy=”DefCon 1″
Finding cluster(s)
Found FW-5000
Found policy: DefCon 1
Accepted a compatible cluster: FW-5000
Starting upload
Waiting 900 seconds…
Contacting nodes of FW-5000
Connection ok on firewall FW-5000
Preparing configuration for FW-5000
Policy snapshot started
Policy snapshot created.
Uploading configuration on FW-5000
New configuration generated for firewall FW-5000
New configuration uploaded to firewall FW-5000
Rule @1279.6 has Source NAT translated to ipaddresses that corresponds to an int
erface address
Applying configuration on FW-5000
New configuration activated on firewall FW-5000
Checking connectivity on FW-5000
Contact with firewall FW-5000 confirmed
Policy installation successful for FW-5000
upload finished
To download the script for Windows click here, while the version for Linux is available here.
Both scripts will remain available in StoneBlog Community, Files area.
Recent Comments