Debian Auto-Configure Watchguard Firebox Edge x10e or Soho TC6
While I was working at my last company I was asked to put together a build system that could detect and check files that could be flashed to a Watchguard Firebox Edge x10e or a SOHO TC6.
Basically it takes a .cfg file, checks that it is in a valid format for either device, and then checks that the device is connected.
What you need is a PC with a NIC set to DHCP that can be connected to the Firebox, running Debian etch with nmap installed (aptitude install nmap).
It's very crude, but it works!
The files are in bash script format
Firebox main config file – fireboxcfg
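#!/bin/bash
# fireboxcfg - check a WatchGuard .cfg file against the connected Firebox and
# push it to the device.
#
# Usage: ./fireboxcfg CONFIG_FILE
#
# The script reconfigures eth1 with ifconfig, so it has to run with enough
# privilege to do that.

# Path of the config file; read by the check functions and the upload helpers.
wgcfg="$1"

# Start from a clean screen with all terminal attributes reset.
clear
tput sgr0

# printf rather than echo: a file name such as "-n" or "-e" would be taken as
# an echo option and not printed.
printf '%s\n' "$1"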
# pressenter - pause until the operator presses Enter.
# Outputs: a blank line followed by the prompt (no trailing newline).
# Returns: the exit status of the read builtin.
pressenter()
{
  printf '\n%s' "Press Enter to continue"
  read
}
# sohofilecheck - accept or decline $wgcfg as a Soho TC6 config file.
# Globals: wgcfg (read); finalip, finalsubnetmask, fireboxnewip (written, and
#          only when the file is accepted).
# Outputs: an Accepted/Declined message on stdout.
#
# The only validation is a substring search for "FVER: 6" anywhere in the
# file, so a line such as "FVER: 60" passes as well; this function performs no
# other check on the file's contents.
# No explicit return status is set, so a caller that must not upload a
# declined file has to test whether finalip was filled in.
sohofilecheck()
{
if cat "$wgcfg" | grep -q "FVER: 6"
then
# Pull the post-flash addresses out of the config: field 2 of the "Lastip"
# line, and fields 5 and 3 of the "eth1" line.
# NOTE(review): as printed here the two eth1 cut commands have no argument
# after -d and the sed expressions are unquoted, so these lines do not run as
# written. The delimiter and quotes were presumably lost when the page was
# published; restore them from the original script before use.
finalip=`cat "$wgcfg" | grep "Lastip" | cut -f 2 -d : | sed s/^ //`
finalsubnetmask=`cat "$wgcfg" | grep "eth1" | cut -f 5 -d | sed s/^ //`
fireboxnewip=`cat "$wgcfg" | grep "eth1" | cut -f 3 -d | sed s/^ //`
echo ""
# \033[4m ... \033[0m underlines the text on ANSI terminals.
echo -e "Config File \033[4m$wgcfg\033[0m submitted, is for a Soho TC6."
echo ""
echo -e "\033[4mAccepted.\033[0m"
echo ""
else
# Declined: warn and wait for Enter. Nothing here stops the script.
echo "WARNING! Config File $wgcfg submitted, is not compatable with a Soho TC6."
echo ""
echo -e "\033[4mDeclined.\033[0m"
echo ""
pressenter
fi
}
# edgefilecheck - accept or decline $wgcfg as an Edge x10e config file.
# Globals: wgcfg (read); finalip, finalsubnetmask, fireboxnewip (written, and
#          only when the file is accepted).
# Outputs: an Accepted/Declined message on stdout.
#
# The only validation is a substring search for "FVER: 8" anywhere in the
# file, so a line such as "FVER: 80" passes as well; this function performs no
# other check on the file's contents.
# No explicit return status is set, so a caller that must not upload a
# declined file has to test whether finalip was filled in.
edgefilecheck()
{
if cat "$wgcfg" | grep -q "FVER: 8"
then
# Pull the post-flash addresses out of the config: field 2 of the "lastip"
# line (lower case here, unlike the Soho check), and fields 5 and 3 of the
# "eth1" line.
# NOTE(review): as printed here the two eth1 cut commands have no argument
# after -d and the sed expressions are unquoted, so these lines do not run as
# written. The delimiter and quotes were presumably lost when the page was
# published; restore them from the original script before use.
finalip=`cat "$wgcfg" | grep "lastip" | cut -f 2 -d : | sed s/^ //`
finalsubnetmask=`cat "$wgcfg" | grep "eth1" | cut -f 5 -d | sed s/^ //`
fireboxnewip=`cat "$wgcfg" | grep "eth1" | cut -f 3 -d | sed s/^ //`
echo ""
echo "Config File $wgcfg submitted, is for a Edge x10e."
echo""
# \033[4m ... \033[0m underlines the text on ANSI terminals.
echo -e "\033[4mAccepted.\033[0m"
echo ""
else
# Declined: warn and wait for Enter. Nothing here stops the script.
echo "WARNING! Config File $wgcfg submitted, is not compatable with a Edge x10e."
echo""
echo -e "\033[4mDeclined.\033[0m"
echo ""
pressenter
fi
}
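# pingtoftpfail - wait until the Firebox stops answering on its setup
# address, then stop the FTP client.
# Outputs: one progress line per second while the device still answers, then
#          a final "rebooting" line.
# Returns: the exit status of the last echo.
pingtoftpfail()
{
  # ">/dev/null 2>&1" in this order silences both streams. The earlier
  # "2>&1 1>/dev/null" pointed stderr at the old stdout first, so ping's
  # error text still reached the terminal.
  while ping -c 1 192.168.111.1 >/dev/null 2>&1
  do
    sleep 1
    echo "Firebox Still on 192.168.111.1..."
  done

  # NOTE(review): killall matches by process name, so this also ends any
  # unrelated ftp session of the same user on this machine. Run the tool on a
  # dedicated build PC, or track the PID of the upload instead.
  killall ftp
  echo "Firebox is now rebooting..."
}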
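# ---------------------------------------------------------------------------
# Main flow: bring eth1 up on the Firebox setup subnet, work out which model
# is attached, check the config file against that model, upload it, then move
# eth1 to the addresses taken from the config and wait for the device to come
# back.
#
# Every failure path below exits. Falling through would upload a declined
# file, or reconfigure eth1 with empty addresses and wait forever.
# ---------------------------------------------------------------------------

# A config file argument is mandatory and must be a readable regular file.
if [ -z "$1" ]
then
  echo "Please provide a firebox filename"
  echo ""
  pressenter
  exit 1
fi
if [ ! -f "$1" ] || [ ! -r "$1" ]
then
  echo "Config file $1 was not found or is not readable"
  echo ""
  pressenter
  exit 1
fi

echo -e "\033[1mMaking sure Firebox Interface is offline...\033[0m"
echo ""
ifconfig eth1 down
echo ""
echo "Bringing the Firebox Interface online..."
ifconfig eth1 192.168.111.2 netmask 255.255.255.0 up

# ">/dev/null 2>&1" silences both streams; "2>&1 1>/dev/null" left stderr on
# the terminal.
if ! ping -c 1 192.168.111.1 >/dev/null 2>&1
then
  echo ""
  echo -e "\033[4mPlease make sure the firebox is connected to the
Firebox Interface\033[0m";tput sgr0
  echo ""
  pressenter
  exit 1
fi

# The check functions fill these in only when they accept the file. Clear
# them first so inherited values cannot make a declined file look accepted.
finalip=""
finalsubnetmask=""
fireboxnewip=""

# Model detection: TCP port 443 reported "closed" is taken to mean a Soho TC6,
# anything else an Edge x10e.
# NOTE(review): a failed or missing nmap also lands in the Edge branch. The
# FVER check in the file-check functions is the only other safeguard.
if nmap 192.168.111.1 -P0 -p 443 | grep -q "closed"
then
  echo ""
  echo "A Soho TC6 is conencted."
  echo ""
  sohofilecheck
  uploader=./fireboxsohoftp
else
  echo ""
  echo "A Edge x10e is conencted."
  echo ""
  edgefilecheck
  uploader=./fireboxedgeftp
fi

# Do not flash a file that was declined or that yielded no address settings.
if [ -z "$finalip" ] || [ -z "$finalsubnetmask" ] || [ -z "$fireboxnewip" ]
then
  echo "Config file was declined or has no address settings; nothing was uploaded."
  exit 1
fi

# Upload in the background so this script can watch for the reboot meanwhile.
"$uploader" "$wgcfg" &
pingtoftpfail

echo ""
echo ""
echo "Bringing the Firebox Interface online with $finalip and $finalsubnetmask..."
echo ""
ifconfig eth1 192.168.111.1 netmask 255.255.255.0 down
ifconfig eth1 "$finalip" netmask "$finalsubnetmask" up
sleep 5

# Poll the address the config assigns to the Firebox until it answers.
while ! ping -c 1 "$fireboxnewip" >/dev/null 2>&1
do
  echo "Waiting for firebox to reboot..."
  sleep 5
done
echo "Firebox configured."
pressenter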
fireboxsohoftp
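#! /bin/sh
# fireboxsohoftp - upload a config file to a Soho TC6 over FTP, then send the
# device the raw "rebt" command.
#
# Usage: fireboxsohoftp CONFIG_FILE
#
# Security notes:
#   - FTP sends the login below and the whole config file in cleartext. Use
#     this only over the dedicated link between the build PC and the Firebox.
#   - The login is hard-coded in this file; presumably it is the device's
#     initial account (confirm). Make sure the uploaded config replaces it.
wgcfg="$1"

# Refuse to open an FTP session without a readable file to send.
if [ -z "$wgcfg" ] || [ ! -f "$wgcfg" ] || [ ! -r "$wgcfg" ]
then
  printf 'Config file "%s" is missing or not readable\n' "$wgcfg" >&2
  exit 1
fi

printf 'Uploading %s Please Wait...\n' "$wgcfg"
sleep 5

# ">/dev/null 2>&1" silences both streams; "2>&1 1>/dev/null" left stderr on
# the terminal. The here-document delimiter is unquoted on purpose so that
# $wgcfg is expanded into the put command.
ftp -n >/dev/null 2>&1 << SCRIPT
open 192.168.111.1
user user pass
put "$wgcfg" wg.cfg
quote rebt
bye
SCRIPT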
fireboxedgeftp
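#! /bin/sh
# fireboxedgeftp - upload a config file to an Edge x10e over FTP, then send
# the device the raw "rebt" command.
#
# Usage: fireboxedgeftp CONFIG_FILE
#
# Security notes:
#   - FTP sends the login below and the whole config file in cleartext. Use
#     this only over the dedicated link between the build PC and the Firebox.
#   - The login is hard-coded in this file; presumably it is the device's
#     initial account (confirm). Make sure the uploaded config replaces it.
wgcfg="$1"

# Refuse to open an FTP session without a readable file to send.
if [ -z "$wgcfg" ] || [ ! -f "$wgcfg" ] || [ ! -r "$wgcfg" ]
then
  printf 'Config file "%s" is missing or not readable\n' "$wgcfg" >&2
  exit 1
fi

printf 'Uploading %s Please Wait...\n' "$wgcfg"
sleep 5

# ">/dev/null 2>&1" silences both streams; "2>&1 1>/dev/null" left stderr on
# the terminal. The here-document delimiter is unquoted on purpose so that
# $wgcfg is expanded into the put command.
ftp -n >/dev/null 2>&1 << SCRIPT
open 192.168.111.1
user admin admin
put "$wgcfg" wg.cfg
quote rebt
bye
SCRIPT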
