
multiple configuration management


We need to create and manage around 240 different Sidewinder configurations. The only differences between each configuration are the interface IP addresses and the OSPF configuration.

I was hoping to use a template approach with variable substitution, but unfortunately the configurations are binary encoded.

Does anybody have any ideas how I could do this, without having to generate and manage 240 individual configurations?

Thanks in advance.



Re: multiple configuration management


I imagine this is exactly what the Firewall Control Center is supposed to do:-

Taken directly from -

"McAfee Firewall Enterprise Control Center (sold separately) — Offers centralized, enterprise-class network firewall policy management for global-scale deployments."


Message was edited by: PhilM on 17/05/13 16:51:33 IST

Re: multiple configuration management


Thanks for the reply. Unfortunately we would have to buy 240 of these as our "network units" are portable and can be dynamically connected to other "network units" at any time, then torn down at any time. We have to give our customer an easy way of configuring the Sidewinder based on a unique ID. We cannot give them access to the standard GUI as they could then foul up the configuration. Unfortunately it's complicated. I was hoping the configuration could be downloaded over a serial port like a Cisco, but no such luck.



Re: multiple configuration management

You could do something like this:

  • Create a configuration with all the rules you need.
  • Configure OSPF and get it working.
  • Figure out exactly what you will need to change for each new configuration (hostname, interface IPs, SSH keys, routes...)
  • Create a simple shell script to run 'cf' commands to change the hostname, interfaces, copy commands (to copy OSPF config files to the config directory let's say, or SSH keys), up/down the interfaces, et cetera.
  • Put this shell script and any files (OSPF configs, SSH keys, Readmes) into the home directory of a default user.  All user directories are backed up in the config backups (which is why you don't want to keep large files in the /home directories).
  • Restore this config onto the firewalls, log in as that user, edit the script for the correct values for this firewall (or make it interactive), run it, reboot.

You can basically configure everything using the 'cf' command and standard BSD/Linux commands.  The GUI will be needed sometimes though, and you could create a rule for that for future issues (a rule only you can use, locked down by source/IP let's say).

Also, Phil is right, Control Center can do this.  The OSPF (all routing configuration actually) and interface configurations are separate for each firewall.  You can push the same rules to all firewalls and they would all have different OSPF configs, IPs, and hostnames.  You can register firewalls to Control Center using the 'cf' command also (in a script).

I'm sure if we discuss this we can find something suitable, or at least give you ideas.
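
An added example, not part of the posts above: one way the per-firewall script could turn a single operator-supplied unit ID into the hostname, interface address and OSPF file, rejecting anything that is not a plain ID between 1 and 240 so an operator cannot inject other values. The 10.20.N.0/24 addressing plan, the `fw-unit` hostname pattern, the function names and the Quagga-style OSPF syntax are all assumptions; the 'cf' commands that would apply these values are left out because their syntax is not given in the thread.

```shell
#!/bin/sh
# Added example: per-unit values derived from one operator-supplied unit ID.
# The addressing plan, hostname pattern and OSPF syntax below are assumptions.

# Accept only 1..240, digits only, no leading zeros (blocks "5; reboot", "007").
valid_unit_id() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 240 ]
}

# Hypothetical plan: unit N owns 10.20.N.0/24 and its firewall is .1.
unit_hostname() { printf 'fw-unit%03d\n' "$1"; }
unit_lan_ip()   { printf '10.20.%s.1\n' "$1"; }
unit_lan_net()  { printf '10.20.%s.0/24\n' "$1"; }

# Render the OSPF file from a fixed template; only validated values are substituted.
render_ospf() {
    valid_unit_id "$1" || { echo "invalid unit id: $1" >&2; return 1; }
    sed -e "s|@ROUTER_ID@|$(unit_lan_ip "$1")|" \
        -e "s|@LAN_NET@|$(unit_lan_net "$1")|" <<'EOF'
router ospf
 ospf router-id @ROUTER_ID@
 network @LAN_NET@ area 0.0.0.0
EOF
}

# When run with an ID, print what the per-firewall script would apply.
if [ "$#" -gt 0 ]; then
    valid_unit_id "$1" || { echo "usage: $0 <unit-id 1-240>" >&2; exit 1; }
    echo "hostname: $(unit_hostname "$1")"
    echo "lan ip:   $(unit_lan_ip "$1")"
    render_ospf "$1"
fi
```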
