474 Views 3 Replies Latest reply: May 23, 2013 12:54 AM by sliedl
dan_networker Newcomer 4 posts since
May 17, 2013

May 17, 2013 8:14 AM

multiple configuration management

Hi,

 

We need to create and manage around 240 different Sidewinder configurations. The only differences between each configuration are the interface IP addresses and the OSPF configuration.

 

I was hoping to use a template approach with variable substitution, but unfortunately the configurations are binary encoded.

 

Does anybody have any ideas how I could do this, without having to generate and manage 240 individual configurations?

 

Thanks in advance

 

Dan

  • PhilM Champion 528 posts since
    Jan 7, 2010
    1. May 17, 2013 10:51 AM (in response to dan_networker)
    Re: multiple configuration management

    Dan,

     

    I imagine this is exactly what the Firewall Control Center is supposed to do:-

     

    Taken directly from - http://www.mcafee.com/us/products/firewall-enterprise.aspx

     

    "McAfee Firewall Enterprise Control Center (sold separately) — Offers centralized, enterprise-class network firewall policy management for global-scale deployments."

     

    -Phil.

     

    Message was edited by: PhilM on 17/05/13 16:51:33 IST
  • sliedl McAfee SME 535 posts since
    Nov 3, 2009
    3. May 23, 2013 12:54 AM (in response to dan_networker)
    Re: multiple configuration management

    You could do something like this:

    • Create a configuration with all the rules you need.
    • Configure OSPF and get it working.
    • Figure out exactly what you will need to change for each new configuration (hostname, interface IPs, SSH keys, routes...)
    • Create a simple shell script to run 'cf' commands to change the hostname, interfaces, copy commands (to copy OSPF config files to the config directory let's say, or SSH keys), up/down the interfaces, et cetera.
    • Put this shell script and any files (OSPF configs, SSH keys, Readmes) into the home directory of a default user.  All user directories are backed up in the config backups (which is why you don't want to keep large files in the /home directories).
    • Restore this config onto the firewalls, log in as that user, edit the script for the correct values for this firewall (or make it interactive), run it, reboot.

     

    You can basically configure everything using the 'cf' command and standard BSD/Linux commands.  The GUI will be needed sometimes though, and you could create a rule for that for future issues (a rule only you can use, locked down by source/IP let's say).

     

    Also, Phil is right, Control Center can do this.  The OSPF (all routing configuration actually) and interface configurations are separate for each firewall.  You can push the same rules to all firewalls and they would all have different OSPF configs, IPs, and hostnames.  You can register firewalls to Control Center using the 'cf' command also (in a script).

     

    I'm sure if we discuss this we can find something suitable, or at least give you ideas.
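
The per-firewall values in the scripted approach above can come from one validated inventory rather than hand edits on each of the 240 firewalls. The following is an added example, not code from the thread or from McAfee: the CSV layout, the `FW_*`/`OSPF_*` variable names, the `.env` files and the fleet-wide uniqueness rule are assumptions, and the `cf` commands that would consume the values are left out.

```shell
# Added example. Constructed inventory format, one firewall per line:
#   hostname,external_cidr,internal_cidr,ospf_router_id,ospf_area
# render_inventory INVENTORY OUTDIR: on any error no .env file is written.
render_inventory() {
    mkdir -p "$2" || return 1
    awk -F, -v out="$2" '
        function ipv4(a,   o, i) {
            if (split(a, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        function cidr(c,   p) {
            return (split(c, p, "/") == 2 && ipv4(p[1]) && p[2] ~ /^[0-9]+$/ && p[2] + 0 <= 32)
        }
        function err(msg) { print "line " NR ": " msg > "/dev/stderr"; bad = 1 }
        function uniq(kind, v) {   # each value may appear once across the fleet
            if ((kind, v) in seen) err("duplicate " kind " " v)
            seen[kind, v] = NR
        }
        /^#/ || NF == 0 { next }
        NF != 5 { err("expected 5 fields"); next }
        {
            # Hostname becomes a file name and a sourced shell value: allow-list it.
            if ($1 !~ /^[A-Za-z0-9][A-Za-z0-9-]*$/) err("bad hostname " $1)
            if (!cidr($2)) err("bad external address " $2)
            if (!cidr($3)) err("bad internal address " $3)
            if (!ipv4($4)) err("bad OSPF router id " $4)
            if (!ipv4($5)) err("bad OSPF area " $5)
            split($2, e, "/"); split($3, m, "/")
            uniq("hostname", $1); uniq("router id", $4); uniq("address", e[1]); uniq("address", m[1])
            rows[++n] = $0
        }
        END {
            if (bad) exit 1
            for (i = 1; i <= n; i++) {
                split(rows[i], f, ","); file = out "/" f[1] ".env"
                printf "FW_HOSTNAME=%s\nFW_EXT_ADDR=%s\nFW_INT_ADDR=%s\nOSPF_ROUTER_ID=%s\nOSPF_AREA=%s\n", f[1], f[2], f[3], f[4], f[5] > file
                close(file)
            }
            print n + 0   # number of value files written
        }
    ' "$1"
}
# Constructed sample rows (documentation and private address ranges).
sample_inventory() {
    printf "%s\n" "fw-site001,192.0.2.11/24,10.1.1.1/24,10.255.0.1,0.0.0.0" \
        "fw-site002,192.0.2.12/24,10.1.2.1/24,10.255.0.2,0.0.0.0"
}
```

The site script from the steps above can then load its values with `. ./fw-site001.env` instead of being edited by hand on each firewall.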
