Updating firewalls by using SNS CLI scripts
SNS CLI scripts can be used to update your pool of SN firewalls.
You must first download the relevant update files in your secure MyStormshield area (.maj).
If you have standalone firewalls and high availability clusters, we recommend that you create a script for each use case (standalone firewalls, active nodes, passive nodes, both nodes at the same time).
We recommend that you back up the configuration of your firewalls before updating them.
Follow the steps below:
- Create the update script with the commands described in the following examples, replacing 3.5.1 with the desired version (for more information on the %FW_UPD_SUFFIX% variable, refer to the section Using variables):
- For standalone firewalls:
SYSTEM UPDATE UPLOAD $FROM_DATA_FILE("fwupd-3.5.1-%FW_UPD_SUFFIX%")
SYSTEM UPDATE ACTIVATE
- For clusters:
- Passive nodes:
SYSTEM UPDATE UPLOAD fwserial=passive $FROM_DATA_FILE("fwupd-3.5.1-%FW_UPD_SUFFIX%")
SYSTEM UPDATE ACTIVATE fwserial=passive
- Active nodes:
SYSTEM UPDATE UPLOAD fwserial=active $FROM_DATA_FILE("fwupd-3.5.1-%FW_UPD_SUFFIX%")
SYSTEM UPDATE ACTIVATE fwserial=active
- Both nodes at the same time:
SYSTEM UPDATE UPLOAD fwserial=all $FROM_DATA_FILE("fwupd-3.5.1-%FW_UPD_SUFFIX%")
SYSTEM UPDATE ACTIVATE fwserial=all
In this case, both nodes can be then unavailable at the same time during the update process.
- Passive nodes:
After running an update script on a cluster, the automatic synchronization between both nodes performed by the SMC server always fails because the update makes one of the node unavailable. This error can be seen in the Execution tab and does not prevent the update from being run.