To quickly import a large number of firewalls in SMC and generate their connecting package, you can use a CSV file and import it on the server from the command line interface.
An example of a CSV file "example-firewalls-and-packages.csv" is available on the server, in the folder /var/fwadmin/examples/csv.
The file may contain the following parameters organized in columns and separated by commas. Only the first column #fwname is mandatory:
- #fwname: firewall's name,
- #fwversion: version of the firewall used for determining the version of the generated connecting package. If this field is empty, version 3.1 will be used.
- #fwdesc: firewall's description,
- #fwplace: location of the firewall,
- #fwfolder: the destination folder of the firewall. A path in the form of <folder1>/<folder2>/... can be specified to indicate the destination folder in the hierarchy of folders. If the specified folders do not yet exist, the SMC server will create them.
#vpn-fw-public-ip-address: firewall contact IP address manually specified in its settings and used in VPN topologies.
- #Vpn-fw-local-adress: firewall output interface used as source in VPN tunnels.
#pkg-fw-address: contact address of the firewall detected by SMC,
#pkg-fw-netmask: subnet mask,
#pkg-fw-gateway: the firewall's default gateway,
- #pkg-smc-addresses (IP1:PORT1,IP2:PORT2): IP address and port of the SMC server - this information is needed for the connecting package,
#custom1 to #custom10: customizable fields numbered from 1 to 10, which can be used in variable network objects and in SNS CLI scripts.
The order of parameters must always be the same.
- Start by copying the CSV file on the SMC server using the SSH protocol in the /tmp folder for example. This example is used in the procedure below.
- Connect to the SMC server via the console port or SSH connection with the “root” account.
- Enter the command:
Generated connecting packages are available in the folder /tmp/packages.
The status of an import will be indicated for each firewall, as well as a summary when the import is complete.
You can also:
- Import firewalls without generating connecting packages, using the option
fwadmin-firewalls-and-packages /tmp/filename.csv --firewall-only
- Generate only connecting packages, using the option
fwadmin-firewalls-and-packages /tmp/filename.csv --package-only
If an imported firewall already existed in SMC, an error will appear. You may use the
--force-update option to overwrite the existing firewall with the one indicated in the CSV file.