Updating firewalls by using SNS CLI scripts
SNS CLI scripts can be used to update your pool of SN firewalls.
You must first download the relevant update files in your secure MyStormshield area (.maj).
If you have standalone firewalls and high availability clusters, we recommend that you create a script for each use case (standalone firewalls, active nodes, passive nodes and both nodes at the same time).
We recommend that you back up the configuration of your firewalls before updating them.
Follow the steps below:
- Create the update script using the commands described in the following examples, replacing 3.5.1 with the desired version (for further information on the variable %FW_UPD_SUFFIX%, refer to the section Using variables ):
- For standalone firewalls:
SYSTEM UPDATE UPLOAD $FROM_DATA_FILE("fwupd-3.5.1-%FW_UPD_SUFFIX%")
SYSTEM UPDATE ACTIVATE
- For clusters:
- Passive nodes:
SYSTEM UPDATE UPLOAD fwserial=passive $FROM_DATA_FILE("fwupd-3.5.1-%FW_UPD_SUFFIX%")
SYSTEM UPDATE ACTIVATE fwserial=passive
- Active nodes:
SYSTEM UPDATE UPLOAD fwserial=active $FROM_DATA_FILE("fwupd-3.5.1-%FW_UPD_SUFFIX%")
SYSTEM UPDATE ACTIVATE fwserial=active
- Both nodes at the same time:
SYSTEM UPDATE UPLOAD fwserial=all $FROM_DATA_FILE("fwupd-3.5.1-%FW_UPD_SUFFIX%")
SYSTEM UPDATE ACTIVATE fwserial=all
In this use case, both nodes may become unavailable at the same time during the update process.
- Passive nodes:
After an update script has been run on a cluster, the SMC server's automatic synchronization of both nodes will always fail as the update would have made one of the nodes unavailable. Details of this error, which does not prevent the update from proceeding properly, are provided in the Execution tab.