Solved

Sidewinder G2 File Editor

Posted on 2006-05-05
Last Modified: 2008-01-09
I'm in the process of migrating to a Sidewinder G2 firewall appliance.  The config is straightforward and should be quite simple to perform the migration, but I have 40 pages of hosts and IP addresses (Network Objects) that need to be imported into the config.

The Admin Console has a file editor for advanced editing.  I was wondering if there is an editable file within the linux config files that I can copy/paste all the hosts into vs. going through the GUI.

Any help would be greatly appreciated!

Thanks,
JE
Question by:jelzein
3 Comments
 
LVL 9

Accepted Solution

by:
jabiii earned 2000 total points
ID: 16630810
If it is the same as 5.2 then sure, which it should be the same or very similar.
Keith will probably have more insight; he is actually running G2s, I believe.

Individually.
Add objects to an existing Group
•      cf acl modify table=netgroup name=Test addmembers=ipaddr:x.x.x.2,ipaddr:x.x.x.75    (multiple addresses separated by commas)

Creating Proxies (proxies only need to be enabled on the source burb, be careful)

Create TCP proxy
•      cf nss create service=TCP333 ports=333
•      cf nss enable t_proxy burb=Internal service=TCP333
•      cf nss enable t_proxy burb=External service=TCP333

Create UDP proxy
•      cf udp-proxy create service=UDP1515 ports=1515-1515
•      cf udp-proxy enable service=UDP1515 burb=Internal
•      cf udp-proxy enable service=UDP1515 burb=External

Create an Access Control List (ACL)
•      cf acl add name=test pos=49 action=allow agent=proxy service=Steve authneeded=no dest=ipaddr:1.1.1.1 destburb=Ext disable=no nataddr= source=netgroup:Steve sourceburb=Int comments=blah blah blah

Creating IP Filters
•      cf ipfilter add_db allow_tcp comments=Test build an IP filter direction=uni discard=0 dst_addr=1.1.1.1 dst_beg_port=80 dst_bits=24 dst_burb=External dst_end_port=80 enable=yes name=Test_1 nat=0 nat_addr=2.2.2.2 pos=5 sessions=off src_addr=2.2.2.2 src_beg_port=80 src_bits=24 src_burb=Internal src_end_port=80

•      cf ipfilter add_db allow_tcp name=Namehere direction=bi discard=0 \
    dst_addr=1.1.1.1 dst_beg_port=0 dst_bits=32 dst_burb=internal \
    dst_end_port=0 enable=yes nat=0 nat_addr=localhost pos=31 reset=on \
    sessions=on share=off src_addr=2.2.2.2 src_beg_port=0 src_bits=32 \
    src_burb=external src_end_port=0 threshold=0


Or semi-automatically.
Import network Objects:

Make a text file that contains only the IP address, one IP per line. No subnets or domains.  IPs only.
Run these commands against the file:
zsh     note:  (must be in Zshell)
for x in $(cat filename)
cf acl add table=ipaddr name=${x}



Add objects to a group

Create a file in this format:
             acl add table=netgroup name=groupname burb=burbname \
                    members=ipaddr:1.1.1.1,ipaddr:1.1.1.1 \
Run this command against the file
cf -f filename


import a list of IPs
•      create a file that contains a vertical list of IP addresses.  No subnets or domains.  IPs only.
•      zsh
•      for x in $(cat filename)
•      for>  cf acl add table=ipaddr name=${x}

add the IPs to a group
•      cf acl modify table=netgroup name=groupname addmembers=ipaddr:xxx.xxx.xxx.xxx,ipaddr:xxx.xxx.xxx.xxx,........


cf -f filename


Hope it helps,

Jim
0
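The semi-automatic import described in the answer above, as an added example that is not part of the original post: it checks a host list against the "IPs only" rule and writes the batch that `cf -f filename` would read. It assumes `acl add table=ipaddr` lines are accepted in a `cf -f` file the same way the netgroup line is, and that the group already exists; the function names and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the post): turn a host list into a `cf -f` batch,
# refusing any line that is not a single IPv4 address ("IPs only").

# is_ipv4 ADDR: succeeds only for a dotted quad with every octet 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ( IFS=.; set -- $1
      [ "$#" -eq 4 ] || exit 1
      for o in "$@"; do
          [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
      done )
}

# make_cf_batch HOSTFILE GROUP: batch on stdout, rejected lines on stderr.
# Prints nothing and returns non-zero if any line is rejected, so a bad
# list never produces a partial import.
make_cf_batch() {
    hostfile=$1 group=$2 members='' adds='' bad=0 lineno=0
    # Group-name character set is a conservative assumption, not a cf rule.
    case "$group" in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Drop CRs from pasted Windows text, then surrounding whitespace.
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$line" in ''|'#'*) continue ;; esac
        if ! is_ipv4 "$line"; then
            printf "line %s: rejected '%s'\n" "$lineno" "$line" >&2
            bad=1; continue
        fi
        # Skip duplicates so each object is created once.
        case ",$members," in *",ipaddr:$line,"*) continue ;; esac
        adds="${adds}acl add table=ipaddr name=$line
"
        members="${members:+$members,}ipaddr:$line"
    done < "$hostfile"
    [ "$bad" -eq 0 ] && [ -n "$members" ] || return 1
    printf '%s' "$adds"
    printf 'acl modify table=netgroup name=%s addmembers=%s\n' \
        "$group" "$members"
}

# Constructed sample list; prints the batch a reviewer would read first.
demo=$(mktemp)
printf '192.0.2.10\r\n192.0.2.11\n\n192.0.2.10\n' > "$demo"
make_cf_batch "$demo" Test
rm -f "$demo"
```

Redirect the output to a file and read it before loading it on the firewall; a list containing a subnet or hostname produces no batch at all, only the rejected line numbers.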
 

Author Comment

by:jelzein
ID: 16633357
Jim - thanks for the level of detail.  That seems exactly like it would work, but it all assumes I'm at zshell, right?  What if I only have remote access via telnet or the admin console?
0
 
LVL 9

Expert Comment

by:jabiii
ID: 16633457
Admin console will work, or telnet; both should be the same as ssh as far as interface.


Console would probably be best.
When you log in to the box, to make sure you're in the zsh shell, just type zsh :)
0
