[Fwbuilder-discussion] Firewall Builder v3.1 build 2266
Brought to you by:
mikehorn
From: Vadim K. <va...@vk...> - 2009-12-24 04:45:39
|
besides several bug fixes, this build implements new features in the support for Cisco routers and ASA (PIX) firewalls. Now we can upload generated configuration to routers and firewalls using scp and then just activate it there. This is so much faster than running configuration update line by line, I can not even measure. We are talking about few seconds compared to minutes on configuration of any reasonably useful size. The improvement is especially great when GUI runs on Windows. For this to work, however, the router or firewall need to be configured to support ssh v2 and scp. I added commands that do this to the release notes document shown when you start Firewall Builder v3.1 GUI. It is my understanding that PIX supports scp starting with v7.0 and IOS has it in 12.4 . It might be available in 12.3 but I can't check. Not in 12.2 for sure. Also I added support for the automatic configuration rollback on IOS using EEM (embedded event manager). IOS v12.4 and later has it. This means fwbuilder can now schedule rollback, try to install updated access lists and if successful, cancel rollback. If installation gets stuck because new ACLs block access to the router, the EEM applet kicks in when timer expires and reverts the change without rebooting the router. Rollback is done using command "config replace nvram:startup-config force". This is optional and you can specify the timeout value in minutes. If the router runs IOS older than 12.4, rollback can be done by rebooting the router just like in fwbuilder 3.0 . If anyone knows a way to revert unsaved configuration change in older IOS versions without rebooting the router, I would appreciate the hint. Besides that, this build fixes few crashes and usability issues in the GUI. The full list is in the ChangeLog file. I've been adding folks who reported problems to the CC field in the bug reports we opened so you already know when the bug you reported has been fixed. Happy holidays to all, --vk |