besides several bug fixes, this build implements new features in the support
for Cisco routers and ASA (PIX) firewalls. Now we can upload generated
configuration to routers and firewalls using scp and then just activate it
there. This is so much faster than running configuration update line by
line, I can not even measure. We are talking about few seconds compared to
minutes on configuration of any reasonably useful size. The improvement is
especially great when GUI runs on Windows.
For this to work, however, the router or firewall need to be configured to
support ssh v2 and scp. I added commands that do this to the release notes
document shown when you start Firewall Builder v3.1 GUI. It is my
understanding that PIX supports scp starting with v7.0 and IOS has it in
12.4 . It might be available in 12.3 but I can't check. Not in 12.2 for
Also I added support for the automatic configuration rollback on IOS using
EEM (embedded event manager). IOS v12.4 and later has it. This means
fwbuilder can now schedule rollback, try to install updated access lists and
if successful, cancel rollback. If installation gets stuck because new ACLs
block access to the router, the EEM applet kicks in when timer expires and
reverts the change without rebooting the router. Rollback is done using
command "config replace nvram:startup-config force". This is optional and
you can specify the timeout value in minutes. If the router runs IOS older
than 12.4, rollback can be done by rebooting the router just like in
fwbuilder 3.0 . If anyone knows a way to revert unsaved configuration
change in older IOS versions without rebooting the router, I would
appreciate the hint.
Besides that, this build fixes few crashes and usability issues in the GUI.
The full list is in the ChangeLog file. I've been adding folks who reported
problems to the CC field in the bug reports we opened so you already know
when the bug you reported has been fixed.
Happy holidays to all,