Script commands via SSH – Sonicwall

I had the need to script some configuration in our Sonicwall firewall, so I went looking for a way to do this. I found a solution to configure via SSH here, but I needed to add some additional switches to make it work. Here is an example that does work.

(echo -e 'admin\npassword'; sleep 2; echo 'show interface X2'; sleep 2; echo logout; sleep 2) | ssh -t -t admin@X.X.X.X

Update: I recently tried using this again, and found that it didn’t quite work. I had to change it to the following:

(echo -e 'admin'; sleep 2; echo 'password'; sleep 2; echo 'show interface X2'; sleep 2; echo logout; sleep 2) | ssh -t -t admin@X.X.X.X
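The one-liner above works, but it leaves the admin password sitting in the script and in shell history, and the list of commands is baked into the pipeline. Below is an added example (my own wrapper, not code from the original post) that keeps the same keystroke-and-delay approach but reads the password from a file that must be mode 600 and takes the CLI commands as arguments. It assumes, as the post's command does, that the appliance accepts username, password and then commands one per line; the host 192.0.2.1 and the password file path are placeholders, and SW_DELAY is an added knob for the delay between keystrokes (default 2 seconds, as in the post).

```shell
#!/bin/sh
# Added example: drive the SonicWall CLI over SSH without embedding the admin
# password in the script or in shell history. Assumptions (not from the post):
# SW_DELAY is the pause between keystrokes; sw_run reads the password from a
# file that must not be group/world readable.

: "${SW_DELAY:=2}"

# Return 0 only when FILE exists and its mode is exactly 600 or 400.
# GNU stat is tried first, then BSD stat.
check_secret_mode() {
    f=$1
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null)
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Emit the keystroke stream for one session: username, password, each
# command, then logout, pausing SW_DELAY seconds after every line.
# Usage: sw_keystrokes USER PASSWORD CMD...
sw_keystrokes() {
    user=$1; pass=$2; shift 2
    printf '%s\n' "$user"; sleep "$SW_DELAY"
    printf '%s\n' "$pass"; sleep "$SW_DELAY"
    for cmd in "$@"; do
        printf '%s\n' "$cmd"; sleep "$SW_DELAY"
    done
    printf 'logout\n'; sleep "$SW_DELAY"
}

# Run CLI commands on the firewall. The password is the first line of
# PASSWORD_FILE, so it never appears on the command line or in history.
# -tt forces a pseudo-terminal even though stdin is a pipe (same as -t -t).
# Usage: sw_run HOST USER PASSWORD_FILE CMD...
sw_run() {
    host=$1; user=$2; pwfile=$3; shift 3
    if ! check_secret_mode "$pwfile"; then
        echo "refusing to read $pwfile: it must be mode 600" >&2
        return 1
    fi
    pass=$(head -n 1 "$pwfile")
    sw_keystrokes "$user" "$pass" "$@" | ssh -tt "$user@$host"
}

# Example call (placeholder host and path; needs a real appliance):
# sw_run 192.0.2.1 admin "$HOME/.sonicwall_pw" 'show interface X2' 'show interface X1'
```

The fixed delays are still a guess at how fast the appliance echoes its prompts, so if a command is dropped, raise SW_DELAY rather than removing the sleeps. Restrict the wrapper script itself to the account that runs it, since anyone who can edit it can change which commands are sent with the stored credentials.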

Sonicwall – 552 MS-Office file containing VBA macros found inside of the email

We were having clients say that they were unable to send us emails containing VBA macros. After spending at least 45 minutes checking all of our usual suspects, I finally got a copy of the error message the client was getting; they forwarded me the following error: 552 MS-Office file containing VBA macros found inside of the email.

At this point I realized it was not coming from our mailhost. A quick bit of googling and I found that this was being blocked at the firewall level. It appears that Sonicwall firewalls with the Gateway AV security service enabled can block MS-Office files containing VBA macros; this is a configuration option that can be enabled or disabled.


Graphing Sonicwall VPN Tunnel Usage

I have the need to track the network usage between each of our offices. We currently use IPSec-based tunnels across the Internet for connectivity between all of our offices (we use a full-mesh configuration). I looked around for a way to monitor and graph the data for these tunnels off our Sonicwall firewalls, but found no good solution.

So I created the following templates and scripts for monitoring our Sonicwall firewalls via my favorite network monitoring application, Cacti. The template includes graphs for CPU utilization, memory usage, current connections cache, and most importantly VPN utilization on a tunnel-by-tunnel basis.

The script portion (written in Perl) queries the firewall via SNMP and returns the list of currently active tunnels (keyed by the IP address of the peer gateway) as well as the tunnel name, decrypted (received) bytes and encrypted (transmitted) bytes. Because the tunnels are renegotiated (by default every 8 hours) and the byte counters restart from zero when that happens, you will see spikes in your graphs unless you follow the installation instructions.

Also, because the firewall does not always return the VPN tunnel name, you must renegotiate each tunnel before creating the graphs for the first time in order for the script to pull in the name correctly. You may need to do this a couple of times, being sure to press the green reload button in Cacti, before they all show up.
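To show what the renegotiation spike is and how to keep it out of a graph, here is an added example (my own, not the Perl script or the Cacti template from the post). It compares two polls of the per-tunnel byte counters and, when a counter is lower than at the previous poll, treats the tunnel as renegotiated: the counter restarted at zero, so the bytes moved since the last poll are at least the current value, which is what it reports instead of the huge or negative difference that shows up as a spike. The input format (peer gateway, tunnel name, decrypted bytes, encrypted bytes per line) and the sample polls are constructed for this example and are not the script's real output.

```shell
#!/bin/sh
# Added example: per-tunnel byte deltas between two polls with detection of
# the counter reset that follows a tunnel renegotiation.
#
# Input format (assumed for this example, not the Perl script's format):
#   PEER_GATEWAY VPN_NAME DECRYPT_BYTES ENCRYPT_BYTES   (one tunnel per line)
#
# Usage:  vpn_delta PREV_FILE CUR_FILE
# Output: PEER NAME DELTA_DEC DELTA_ENC FLAG   where FLAG is ok, reset or new
vpn_delta() {
    awk '
    # First file: remember the previous poll, keyed by peer gateway.
    FILENAME == ARGV[1] { dec[$1] = $3; enc[$1] = $4; next }
    # Second file: current poll.
    {
        peer = $1; name = $2; d = $3; e = $4
        if (!(peer in dec)) { print peer, name, 0, 0, "new"; next }
        flag = "ok"
        dd = d - dec[peer]
        de = e - enc[peer]
        # A counter that went backwards means the SA was renegotiated and the
        # counter restarted from zero; the current value is the lower bound
        # for bytes moved since the previous poll.
        if (dd < 0) { dd = d; flag = "reset" }
        if (de < 0) { de = e; flag = "reset" }
        print peer, name, dd, de, flag
    }' "$1" "$2"
}

# Constructed sample polls (not real firewall data): office-b renegotiated
# between the polls, office-c is a tunnel that did not exist at the first poll.
vpn_delta_demo() {
    prev=$(mktemp); cur=$(mktemp)
    cat > "$prev" <<'EOF'
203.0.113.10 office-a 5000000 4000000
203.0.113.20 office-b 9000000 8500000
EOF
    cat > "$cur" <<'EOF'
203.0.113.10 office-a 5600000 4300000
203.0.113.20 office-b 120000 95000
203.0.113.30 office-c 1000 2000
EOF
    vpn_delta "$prev" "$cur"
    rm -f "$prev" "$cur"
}

vpn_delta_demo
```

A 32-bit counter wrapping at 4 GiB looks the same as a reset to this check (the value simply goes backwards), so on busy tunnels poll often enough that a wrap and a renegotiation cannot both happen inside one interval, or feed Cacti the deltas rather than the raw counters.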

Installation Instructions: Visit my post on the Cacti forums for installing the software.

If you are running SonicOS Enhanced you will be able to graph everything; if you are running SonicOS Standard or the older 6.X firmware, you will only get the VPN monitoring, as the other stats are unavailable via SNMP.

The following is the usage syntax if you would like to run the script by itself.

query_sonicwall_vpn.pl host community index
query_sonicwall_vpn.pl host community query {peergateway, vpnname, decryptbytes, encryptbytes}
query_sonicwall_vpn.pl host community get {peergateway, vpnname, decryptbytes, encryptbytes} DEVICE

DEVICE is the IP address of the PeerGateway of the tunnel you want

I know the script is less than optimal, but then I’m not really a programmer, so I’d appreciate any feedback. Additionally, the basis for the script came from Dan Brummer in this post.