Sidewinder G2 File Editor

Posted on 2006-05-05
Last Modified: 2008-01-09
I'm in the process of migrating to a Sidewinder G2 firewall appliance.  The config is straightforward and it should be quite simple to perform the migration, but I have 40 pages of hosts and IP addresses (Network Objects) that need to be imported into the config.

The Admin Console has a file editor for advanced editing.  I was wondering if there is an editable file within the linux config files that I can copy/paste all the hosts into vs. going through the GUI.

Any help would be greatly appreciated!

Question by:jelzein

    Accepted Solution

    If it is the same as 5.2 then sure, which it should be the same or very similar.
    Keith will probably have more insight; he is actually running G2s, I believe.

    Add objects to an existing Group
    •      cf acl modify table=netgroup name=Test addmembers=ipaddr:x.x.x.2,ipaddr:x.x.x.75    (multiple addresses separated by commas)

    Creating Proxies (proxies only need to be enabled on the source burb, be careful)

    Create TCP proxy
    •      cf nss create service=TCP333 ports=333
    •      cf nss enable t_proxy burb=Internal service=TCP333
    •      cf nss enable t_proxy burb=External service=TCP333

    Create UDP proxy
    •      cf udp-proxy create service=UDP1515 ports=1515-1515
    •      cf udp-proxy enable service=UDP1515 burb=Internal
    •      cf udp-proxy enable service=UDP1515 burb=External

    Create an Access Control List (ACL)
    •      cf acl add name=test pos=49 action=allow agent=proxy service=Steve authneeded=no dest=ipaddr: destburb=Ext disable=no nataddr= source=netgroup:Steve sourceburb=Int comments=blah blah blah

    Creating IP Filters
    •      cf ipfilter add_db allow_tcp comments=Test build an IP filter direction=uni discard=0 dst_addr= dst_beg_port=80 dst_bits=24 dst_burb=External dst_end_port=80 enable=yes name=Test_1 nat=0 nat_addr= pos=5 sessions=off src_addr= src_beg_port=80 src_bits=24 src_burb=Internal src_end_port=80

    •      cf ipfilter add_db allow_tcp name=Namehere direction=bi discard=0 \
        dst_addr= dst_beg_port=0 dst_bits=32 dst_burb=internal \
        dst_end_port=0 enable=yes nat=0 nat_addr=localhost pos=31 reset=on \
        sessions=on share=off src_addr= src_beg_port=0 src_bits=32 \
        src_burb=external src_end_port=0 threshold=0

    Or semi-automatically.
    Import network Objects:

    Make a text file that contains only the IP address, one IP per line. No subnets or domains.  IPs only.
    Run these commands against the file:
    zsh     note:  (must be in Zshell)
    for x in $(cat filename)
    cf acl add table=ipaddr name=${x}

    Add objects to a group

    Create a file in this format:
                 acl add table=netgroup name=groupname burb=burbname \
                        members=ipaddr:,ipaddr: \
    Run this command against the file
    cf -f filename

    import a list of IPs
    •      create a file that contains a vertical list of IP addresses.  No subnets or domains.  IPs only.
    •      zsh
    •      for x in $(cat filename)
    •      for>  cf acl add table=ipaddr name=${x}

    add the IPs to a group
    •      cf acl modify table=netgroup name=groupname,,........

    cf -f filename

    Hope it helps,
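
Added example, not part of the original answer: the `for x in $(cat filename)` loop above hands every whitespace-separated word in the file to `cf acl add`, so a stray subnet, hostname or typo becomes a firewall object. This script checks the list first and prints batch lines in the `cf -f` format shown above. The 192.0.2.x addresses are constructed, and placing `acl add table=ipaddr` lines in the same batch file is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): validate an IP list, then emit a
# batch file for `cf -f`. The command syntax is copied from the answer above;
# putting `acl add table=ipaddr` lines in the same batch file is an assumption.

# Succeed only for a plain dotted-quad IPv4 address (no subnet, no hostname).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # leading zero / too long
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_batch LISTFILE GROUP BURB: batch lines on stdout, rejects on stderr.
# Returns 1 if any line was rejected, so the caller can hold back `cf -f`.
gen_batch() {
    members='' rejected=0 seen=' ' cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        ip=${line%"$cr"}                    # tolerate Windows line endings
        [ -n "$ip" ] || continue
        if ! is_ipv4 "$ip"; then
            printf 'rejected: %s\n' "$line" >&2; rejected=1; continue
        fi
        case "$seen" in *" $ip "*) continue ;; esac   # skip duplicates
        seen="$seen$ip "
        printf 'acl add table=ipaddr name=%s\n' "$ip"
        members="${members:+$members,}ipaddr:$ip"
    done < "$1"
    [ -z "$members" ] ||
        printf 'acl add table=netgroup name=%s burb=%s members=%s\n' "$2" "$3" "$members"
    return "$rejected"
}

# Constructed sample: two addresses, a duplicate, a subnet and a hostname.
sample=$(mktemp)
printf '%s\n' 192.0.2.10 192.0.2.75 192.0.2.10 192.0.2.0/24 mail.example.com > "$sample"
gen_batch "$sample" Test Internal || echo "fix the rejected lines before running cf -f" >&2
rm -f "$sample"
```

Redirect stdout to a file and review it before passing it to `cf -f`; a non-zero exit status means at least one line was rejected.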


    Author Comment

    Jim - thanks for the level of detail.  That seems exactly like it would work, but it all assumes I'm at zshell, right?  What if I only have remote access via telnet or the admin console?

    Expert Comment

    admin console will work or telnet, both should be the same as ssh as far as interface.

    console would probably be best
    when you log in to the box, to make sure you're in the zsh shell, just type zsh :)
