Sidewinder G2 File Editor

I'm in the process of migrating to a Sidewinder G2 firewall appliance.  The config is straightforward and should be quite simple to perform the migration, but I have 40 pages of hosts and IP addresses (Network Objects) that need to be imported into the config.

The Admin Console has a file editor for advanced editing.  I was wondering if there is an editable file within the linux config files that I can copy/paste all the hosts into vs. going through the GUI.

Any help would be greatly appreciated!

Thanks,
JE
jelzein Asked:
jabiii Commented:
If it is the same as 5.2 then sure, which it should be the same or very similar.
Keith will probably have more insight, he is actually running G2s I believe.

Individually.
Add objects to an existing Group
•      cf acl modify table=netgroup name=Test addmembers=ipaddr:x.x.x.2,ipaddr:x.x.x.75    (multiple addresses separated by commas)

Creating Proxies (proxies only need to be enabled on the source burb, be careful)

Create TCP proxy
•      cf nss create service=TCP333 ports=333
•      cf nss enable t_proxy burb=Internal service=TCP333
•      cf nss enable t_proxy burb=External service=TCP333

Create UDP proxy
•      cf udp-proxy create service=UDP1515 ports=1515-1515
•      cf udp-proxy enable service=UDP1515 burb=Internal
•      cf udp-proxy enable service=UDP1515 burb=External

Create an Access Control List (ACL)
•      cf acl add name=test pos=49 action=allow agent=proxy service=Steve authneeded=no dest=ipaddr:1.1.1.1 destburb=Ext disable=no nataddr= source=netgroup:Steve sourceburb=Int comments="blah blah blah"

Creating IP Filters
•      cf ipfilter add_db allow_tcp comments="Test build an IP filter" direction=uni discard=0 dst_addr=1.1.1.1 dst_beg_port=80 dst_bits=24 dst_burb=External dst_end_port=80 enable=yes name=Test_1 nat=0 nat_addr=2.2.2.2 pos=5 sessions=off src_addr=2.2.2.2 src_beg_port=80 src_bits=24 src_burb=Internal src_end_port=80

•      cf ipfilter add_db allow_tcp name=Namehere direction=bi discard=0 \
    dst_addr=1.1.1.1 dst_beg_port=0 dst_bits=32 dst_burb=internal \
    dst_end_port=0 enable=yes nat=0 nat_addr=localhost pos=31 reset=on \
    sessions=on share=off src_addr=2.2.2.2 src_beg_port=0 src_bits=32 \
    src_burb=external src_end_port=0 threshold=0


Or semi-automatically.
Import network Objects:

Make a text file that contains only the IP address, one IP per line. No subnets or domains.  IPs only.
Run these commands against the file:
zsh     note:  (must be in Zshell)
for x in $(cat filename)
cf acl add table=ipaddr name=${x}



Add objects to a group

Create a file in this format:
             acl add table=netgroup name=groupname burb=burbname \
                    members=ipaddr:1.1.1.1,ipaddr:1.1.1.1 \
Run this command against the file
cf -f filename


import a list of IPs
•      create a file that contains a vertical list of IP addresses.  No subnets or domains.  IPs only.
•      zsh
•      for x in $(cat filename)
•      for>  cf acl add table=ipaddr name=${x}

add the IPs to a group
•      cf acl modify table=netgroup name=groupname addmembers=ipaddr:xxx.xxx.xxx.xxx,ipaddr:xxx.xxx.xxx.xxx,........


cf -f filename


Hope it helps,

Jim
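
The import loop above passes every line of the host file to `cf` as-is, so a stray subnet, hostname or extra `key=value` on a line goes to the firewall unchecked. As an added example (not part of the original answer), this POSIX shell script, meant to be run on a workstation before the file is copied over, checks each line and writes the batch file. It assumes `cf -f` accepts `acl add table=ipaddr` and `acl modify` lines in the same prefix-less form the answer shows for `acl add table=netgroup`; the addresses are constructed and the group name Test is borrowed from the answer's first command.

```shell
#!/bin/sh
# Added example (not from the original thread): turn a host list into a
# batch file for `cf -f`, accepting nothing but plain dotted-quad IPv4.

# is_ipv4 ADDR: true only for four decimal octets, 0-255, no leading zeros.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_cf_batch LISTFILE GROUP: print one "acl add" line per unique address
# and one "acl modify" line adding them all to GROUP (an existing netgroup).
# Rejected lines are reported on stderr; returns 1 if any line was rejected.
build_cf_batch() {
    list=$1 group=$2 members= bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Trim surrounding whitespace, including the CR of a Windows export.
        ip=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        [ -n "$ip" ] || continue
        if ! is_ipv4 "$ip"; then
            echo "line $n rejected: $ip" >&2; bad=1; continue
        fi
        case ",$members," in *",ipaddr:$ip,"*) continue ;; esac  # duplicate
        echo "acl add table=ipaddr name=$ip"
        members="${members:+$members,}ipaddr:$ip"
    done < "$list"
    [ -z "$members" ] || echo "acl modify table=netgroup name=$group addmembers=$members"
    return "$bad"
}

# Constructed sample input (documentation addresses, deliberately messy).
sample=$(mktemp)
printf '%s\n' '192.0.2.10' '192.0.2.11' '192.0.2.10' '192.0.2.0/24' \
    'www.example.com' '192.0.2.999' '192.0.2.12 burb=External' > "$sample"
build_cf_batch "$sample" Test > "$sample.cf" || echo "fix the rejected lines before loading $sample.cf" >&2
cat "$sample.cf"    # on the firewall this file would be loaded with: cf -f <file>
```

A non-zero return means at least one line was rejected; review the stderr report before loading the generated file.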
jelzein (Author) Commented:
Jim - thanks for the level of detail.  That seems exactly like it would work, but it all assumes I'm at zshell, right?  What if I only have remote access via telnet or the admin console?
jabiii Commented:
Admin console will work, or telnet; both should be the same as ssh as far as interface.


Console would probably be best.
When you log in to the box, to make sure you're in the zsh shell, just type zsh :)
Question has a verified solution.