Using variables

The properties of firewalls indicated in the list of firewalls or in the settings of each firewall (Monitoring > Firewalls menu) are variables that can be used in scripts.

You can use even more variables with the help of a CSV file. Refer to the section Using a CSV file.

Variables are case sensitive.

Insert variables surrounded with the symbol % in the CLI commands of your script.

These variables take on different values according to the firewall on which the script is run:

  • FW_ADDRESS: IP address field of the firewall connected to the SMC server,
  • FW_DESCRIPTION: firewall's Description field.
  • FW_LOCATION: firewall's Location field.
  • FW_MODEL: firewall's model,
  • FW_NAME: firewall's name,
  • FW_SERIAL: firewall's serial number,
  • FW_VERSION: firewall's version number,
  • FW_ARCHITECTURE: architecture of the firewall's processor,
  • FW_SIZE: firewall range,
  • FW_VM: virtual firewall,
  • FW_UPD_SUFFIX: variable used for the SNS firewall update, taking on the value SNS-%FW_ARCHITECTURE%-%FW_SIZE%.maj (SNS-amd64-M.maj for example). For more information, refer to the section Updating firewalls by using SNS CLI scripts.
  • HA_PEER_SERIAL: serial number of the passive firewall (without High availability, the value will be empty),
  • HA_PEER_FIRMWARE: version number of the passive firewall (without High availability, the value will be empty),
  • CUSTOM_X : customized fields

%CUSTOM_X% variables can be customized to fit your needs. Double-click on a firewall in the Monitoring > Firewalls menu and open the Customized variables tab. For more information, please refer to the section Creating custom variables.

These variables have the same value for all firewalls and refer to the server's date and time:

  • NOW: full date in local format (example: "%NOW%" => "20151222-104727"),
  • NOW_AS_DATE: date in local format (example: "%NOW_AS_DATE%" => "20151222"),
  • NOW_AS_TIME: time in local format (example: "%NOW_AS_TIME%" => "104727").

In order to perform operations on a large number of firewalls, or to perform a complex operation on a firewall, we recommend that you use a CSV file.

CSV files can only be used in the command line interface. Variables associated with firewalls will then be read from this file and the script will be duplicated as many times as the number of lines in the CSV file for a given firewall.

An example of a CSV file "example-sns-cli-script.csv" is available on the server, in the folder /opt/stormshield/examples/csv/.

To find out how to use CSV files in the command line interface, refer to the section Examples of the use of scripts in command line with a CSV file.