Appliance Command-Line Tools

Most of the configuration management tasks that you need to perform—backing up and restoring your appliance configuration, applying upgrades, and so on—can be done using the Web-based Aventail Management Console (AMC), on the Maintenance page. This section describes tools on the appliance that perform these same tasks and some others, for administrators who prefer to work on the command line.

| Tool | Purpose |
| --- | --- |
| Setup Tool (setup_tool) | Configure the appliance by running Setup Tool from a serial connection using a laptop computer or terminal. See Configuring a New Appliance Using Setup Tool on page 688. Note: Starting in 10.7.0, setup_tool and cluster_tool are integrated into config_reset. |
| Backup Tool (config_backup) | Save the current configuration file. See Saving Configuration Data on page 690. |
| Config Reset (config_reset) | Restore the factory default configuration settings. See Restoring Factory Default Configuration Settings on page 691. |
| Update Tool (upgrade_<version>.bin) | Install a software update. See Installing System Upgrades (Command Line Tool) on page 692. |
| Rollback Tool (rollback_tool) | Roll the system software back to its most recent state prior to an upgrade. See Reverting to a Previous Version on page 693. |
| Factory Reset Tool (factory_reset_tool) | Restore the appliance to its original state when received from the vendor. Use this tool as a last resort; there is no AMC equivalent for this feature. See Performing a Factory Reset on page 693. |
| Cluster Tool (cluster_tool) | Upgrade a single node to be part of a cluster; there is no AMC equivalent for this functionality. See Troubleshooting a Cluster on page 544. Note: Starting in 10.7.0, setup_tool and cluster_tool are integrated into config_reset. |
| Host Validation Tool (checkhosts) | Show a list of the hosts referred to in your appliance resources, and find out if they are accessible and can be resolved in DNS. See Validating Hosts on page 694. |

See Managing Configuration Data on page 309 and Upgrading, Rolling Back, or Resetting the System on page 322 for a description of configuration data files and how to manage them in AMC.

• Configuring a New Appliance Using Setup Tool

• Saving and Restoring Configuration Data

• Upgrading or Rolling Back System Software on page 692

• Validating Hosts on page 694

Configuring a New Appliance Using Setup Tool

The recommended way to set up a new appliance is to use the LCD controls on the front of the appliance to enter the information that enables a Web browser to connect to it. You can then connect to the Aventail Management Console and run Setup Wizard, as described in Powering Up and Configuring Basic Network Settings on page 49.

If you prefer using a command-line utility, you can configure the appliance by running Setup Tool from a serial connection using a laptop computer or terminal.

• Tips for Working with Setup Tool on page 688

• Using Setup Tool on page 688

Tips for Working with Setup Tool

Here are some tips for working with Setup Tool:

• Yes or no questions include a [y] or [n] at the end of the prompt; type the appropriate letter and then press Enter to display the next question.

• To delete a character, press Backspace. (On a Windows-based PC, you can also press Delete to remove a character.)

• When typing an IP address or netmask, use the standard IP address format of four octets (w.x.y.z). Setup Tool provides basic error checking (for example, validating that the gateway you type is on the same subnet as the appliance).

• Type q to quit Setup Tool and discard your changes.
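
As an added example (not Setup Tool's own code), the following shell functions reproduce the kind of check described in the tips above, so planned values can be validated before a serial session: four-octet format, a contiguous netmask, and a gateway on the appliance's subnet. The function names and return codes are hypothetical.

```sh
#!/bin/sh
# Added example, not Setup Tool's own code: pre-check planned interface values.

# to_int: print a dotted quad as a 32-bit integer; fail unless it is exactly
# four decimal octets in 0-255 with no leading zeros.
to_int() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_plan IP NETMASK [GATEWAY]
# Returns 0 if consistent, 1 bad IP, 2 bad netmask, 3 bad gateway,
# 4 gateway outside the appliance's subnet (or equal to the appliance IP).
check_plan() {
    ip=$(to_int "$1") || return 1
    mask=$(to_int "$2") || return 2
    # A valid netmask is a run of 1 bits followed only by 0 bits.
    inv=$(( ~mask & 4294967295 ))
    [ "$mask" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ] || return 2
    # The gateway is optional when AMC is reached from the same network.
    [ -n "${3:-}" ] || return 0
    gw=$(to_int "$3") || return 3
    [ $(( ip & mask )) -eq $(( gw & mask )) ] && [ "$gw" -ne "$ip" ] || return 4
}
```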

Using Setup Tool

When you run Setup Tool from the command line, it prompts you to accept the E-Class SRA End User License Agreement (EULA), create a root password, and provide an IP address, subnet mask, and internal default gateway.

If you are installing a high-availability cluster (a pair of appliances), refer to Installing and Configuring a Cluster on page 538; if you are installing a larger group of appliances, see Configuring a High-Capacity Cluster on page 749 for installation instructions.

To run Setup Tool

1. Make a serial connection to the appliance (see Powering Up and Configuring Basic Network Settings on page 49), and then turn on the appliance using the power button.

2. If the appliance has not yet been configured, or if you have just reset it using either Factory Reset Tool or Config Reset, Setup Tool will run automatically.

3. When you’re prompted to log in, type root for the username; press Enter to move to the next screen.

4. You’re prompted to type an IP address, subnet mask, and (optionally) a gateway for the internal interface. You use this interface to connect to the appliance from a Web browser and continue setup using AMC.

IP address:

• Type an IP address for the internal interface connected to your internal (or private) network and then press Enter.

Subnet mask:

• Type a netmask for the internal network interface and then press Enter.

Gateway:

• If the computer from which you’ll access AMC is on a different network than the appliance, you must specify a gateway. Type the IP address of the gateway used to route traffic to the appliance and then press Enter.

If you’re accessing AMC from the same network on which the appliance is located, simply press Enter.

5. Next, you’re prompted to review the information you provided. Press Enter to accept the current value, or type a new value and then press Enter.

6. You are then asked if this node will be part of a cluster.

• Because this is a single-node installation, you should accept the default by pressing Enter. For details on installing a cluster, see Installing and Configuring a Cluster on page 538 and Configuring a High-Capacity Cluster on page 749.

7. Finally, you’re prompted to save and apply your changes.

• Press Enter to save your changes.

At this point, Setup Tool saves your changes and restarts the necessary services. It also generates SSH keys using the information you provided (SSH requires security keys that it exchanges with remote SSH clients and servers). Once SSH is configured, Setup Tool displays a message saying that it is generating these keys.

During this time, you will receive minimal feedback; be patient and do not assume that Setup Tool is not responding. When Setup Tool is finished, a message appears indicating that the initial setup is complete. This message also includes the URL for accessing AMC.

Saving and Restoring Configuration Data

Included on the appliance are a number of command-line administrative tools for saving and restoring configuration data:

• Config Backup Tool—Saves the current configuration file

• Config Restore Tool—Restores a saved configuration file

The AMC method for saving and restoring configuration data is more convenient, but it imports and exports a subset of the data that can be saved and restored using the command-line tools. The following table compares the two methods:

| Configuration item | AMC | Command-line tools |
| --- | --- | --- |
| Access policy | x | x |
| Certificates | x | x |
| Aventail WorkPlace customizations | x | x |
| Node-specific network settings | x | x |

• Saving Configuration Data on page 690

• Restoring Configuration Data on page 690

Saving Configuration Data

Backup files are saved to a compressed tar file (by default, /var/backups/cfgback.tgz). It is a good practice to back up your system regularly, especially when making many system customizations.

To back up your configuration using Backup Tool

1. Connect to the appliance using SSH or a serial connection, and log in as “root”.

2. Type config_backup, specifying any of the following optional parameters:

config_backup [-t <tarfile>] [-q] [-d <debuglevel>] [-h]

| Parameter | Description |
| --- | --- |
| -t <tarfile> | Backs up your configuration to the specified file. This parameter is required only if you want to back up to a different backup file than the default file: /var/backups/cfgback.aea. Setting this parameter is not recommended, because the restore program normally looks for the default file when restoring. |
| -q | Turns off the confirmation prompts (making the backup “quiet”). Normally, you are prompted when you might overwrite an existing backup file. |
| -d <debuglevel> | Specifies how much information to display about the backup operation. Set <debuglevel> to an integer between 0 (no information) and 10 (complete information). The default is 1 (normal information). |
| -h | Shows help listing available parameters. |

When you run Config Backup Tool, it saves your system configuration files to a backup file with the name and location specified above. If a backup file already exists at that location, you are prompted to confirm that you want to overwrite it (unless you use the -q parameter).

Note: Your configuration is automatically backed up if you install a new system update using Update Tool. This will not overwrite manual backups created by an administrator.

For additional protection, use a program like SCP to copy the .tgz file from the appliance to a separate location, such as a drive on your network or removable media.

You can automate backups by adding Backup Tool to a script. In this case, use the -q parameter to suppress confirmation prompts.
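
As an added example (not part of the vendor documentation), the wrapper below shows one way to script the unattended backup and off-box copy described above. It assumes sha256sum is installed, that config_backup exits non-zero on failure, and that the default file is the /var/backups/cfgback.aea path given in the parameter table; ARCHIVE_DIR, REMOTE and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not vendor code: unattended wrapper around `config_backup -q`.
# Assumptions: sha256sum is installed, config_backup exits non-zero on failure,
# and ARCHIVE_DIR / REMOTE are hypothetical values chosen for illustration.

BACKUP_CMD=${BACKUP_CMD:-config_backup}
BACKUP_FILE=${BACKUP_FILE:-/var/backups/cfgback.aea}  # default named in the parameter table
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/backups/archive}      # hypothetical staging directory
REMOTE=${REMOTE:-}                                    # hypothetical, e.g. user@host:/dir/

backup_and_stage() {
    # The backup holds access policy and certificates: keep copies owner-only.
    umask 077

    # -q suppresses the overwrite prompt so a scheduled run cannot hang on input.
    "$BACKUP_CMD" -q >/dev/null 2>&1 || { echo "backup command failed" >&2; return 1; }

    # Never archive a missing or empty file as if it were a good backup.
    [ -s "$BACKUP_FILE" ] || { echo "no backup at $BACKUP_FILE" >&2; return 2; }

    mkdir -p "$ARCHIVE_DIR" || return 3
    copy="$ARCHIVE_DIR/cfgback-$(date -u +%Y%m%dT%H%M%SZ).${BACKUP_FILE##*.}"
    cp "$BACKUP_FILE" "$copy" || return 3

    # Confirm the staged copy matches the source, then record its digest.
    src_sum=$(sha256sum < "$BACKUP_FILE" | cut -d' ' -f1)
    dst_sum=$(sha256sum < "$copy" | cut -d' ' -f1)
    [ -n "$src_sum" ] && [ "$src_sum" = "$dst_sum" ] || { rm -f "$copy"; return 4; }
    printf '%s  %s\n' "$dst_sum" "$(basename "$copy")" > "$copy.sha256"

    # Off-box copy with SCP, as the page recommends; skipped when REMOTE is unset.
    if [ -n "$REMOTE" ]; then
        scp -q "$copy" "$copy.sha256" "$REMOTE" || return 5
    fi
    echo "$copy"
}

verify_archive() {
    # Re-check a staged copy against its recorded digest (exit 0 means intact).
    (cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1)
}
```

Run verify_archive against a staged copy before relying on it for a restore; a non-zero exit means the file no longer matches the digest recorded at backup time.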

Restoring Configuration Data

Dell SonicWALL recommends you save and restore configuration data with the Import/Export function on the AMC Maintenance page. However, if you save data manually, you can restore configuration data from the .aea file. The default file name is /var/backups/cfgback.aea.

Related Topics

• Restoring Factory Default Configuration Settings on page 691

Restoring Factory Default Configuration Settings

You may occasionally want to restore factory default configuration settings. For example, if you are moving an appliance to a different environment and have a large number of configuration changes to make, it may be more convenient to restore the appliance to its default settings and start over from scratch. To restore the factory defaults, use a command-line utility named Config Reset Tool.

Caution: Running Config Reset Tool will delete all of your existing system configuration data. If you intend to restore a configuration from backup, make sure you have copied your backup files to another system before continuing.

To restore factory default configuration settings

1. Make a serial connection to the appliance (see Powering Up and Configuring Basic Network Settings on page 49), and then log in as “root”.

2. Type config_reset to run Config Reset Tool.

3. You are prompted to restore default settings (“Reset the appliance configuration to factory defaults?”). Type y and then press Enter.

4. You are prompted to reboot or shut down (halt) the appliance. Type r to reboot, or h to halt. If you reboot the system, a login prompt appears after the system restarts.

Caution: EX9000, EX7000, and EX6000 appliances: Remove any USB devices from the appliance before you reboot it. If a USB device is plugged in to your appliance when it is rebooted, the appliance tries to use it as a boot device. As a result, the boot information stored in the BIOS on the appliance is overwritten, and the EX9000, EX7000, or EX6000 becomes unusable.

5. Run Setup Tool again to configure the network; see Configuring a New Appliance Using Setup Tool on page 688.

Note: Restoring factory default configuration settings on an appliance is different from performing a factory reset, which should only be used as a last resort. See Performing a Factory Reset on page 693 for more information.

Related Topics

• Managing Configuration Data

Upgrading or Rolling Back System Software

Use the following tools for updating the appliance system software:

| Tool | Purpose |
| --- | --- |
| Update Tool | Upgrade to a new version of the system software. |
| Rollback Tool | Roll the system software back to its most recent state prior to an upgrade. You cannot use Rollback Tool to remove any hotfixes that you’ve installed, but you can use AMC to do so; see Rolling Back to a Previous Version on page 328 for more information. |
| Factory Reset Tool | Restore the appliance to its original state when received from the vendor. Use this tool as a last resort. |

• Installing System Upgrades (Command Line Tool) on page 692

• Reverting to a Previous Version on page 693

• Performing a Factory Reset on page 693

Installing System Upgrades (Command Line Tool)

After you’ve downloaded a system upgrade or hotfix and copied it to the appliance, you can install it using Aventail Management Console, described in Installing System Updates on page 325. If you prefer to work from the command line, follow the steps below.

For information on updating the software on a cluster, see Upgrading a Cluster on page 544.

To install a system upgrade

1. Connect to the appliance using SSH or a serial connection, and log in as “root”.

2. Copy the upgrade file to the /upgrade directory on the appliance.

3. Some SCP programs do not maintain the original file permissions after a transfer. Make sure the upgrade file is executable by typing the following:

chmod +x upgrade_<version>.bin

4. Type /upgrade/upgrade_<version>.bin, specifying the appropriate upgrade version number.

5. Reboot the appliance.

Caution: EX9000, EX7000 and EX6000 appliances: Remove any USB devices from the appliance before you reboot it. If a USB device is plugged in to your appliance when it is rebooted, the appliance tries to use it as a boot device. As a result, the boot information stored in the BIOS on the appliance is overwritten, and the EX9000, EX7000, or EX6000 becomes unusable.

Note: If you receive an “Update failed” error message, check the following log file to find out why:
/var/log/migrate_[VERSION_BEING_MIGRATED_FROM].log
For example, if you have a CA eTrust SiteMinder server configured in v8.9.0 and you upgrade to v10.x, which doesn’t support that authentication type, the update fails and the reason is recorded in /var/log/migrate_8_9_0.log.

Reverting to a Previous Version

You can use Rollback Tool to undo up to two installed system updates. If you experience problems after completing an update, you may want to use this tool to roll back to a known state. Each time you run Rollback Tool, it removes the most recent system update and restores the version that existed just prior to the update.

Caution: If you have made any configuration changes since updating the system, running Rollback Tool will erase these changes.

To undo the most recent system update

1. Connect to the appliance using SSH or a serial connection, and log in as “root”.

2. Type rollback_tool.

3. When the command prompt reappears, type reboot to restart the appliance.

Caution: EX9000, EX7000, and EX6000 appliances: Remove any USB devices from the appliance before you reboot it. If a USB device is plugged in to your appliance when it is rebooted, the appliance tries to use it as a boot device. As a result, the boot information stored in the BIOS on the appliance is overwritten, and the EX9000, EX7000, or EX6000 becomes unusable.

Note: You cannot use Rollback Tool to remove any hotfixes that you’ve installed, but you can use AMC to do so; see Rolling Back to a Previous Version on page 328 for more information.

Performing a Factory Reset

A factory reset returns the appliance to the state it was in when you first received it. Running Factory Reset Tool erases any updates, configuration files, log files, and so forth that have been created or installed on the appliance. Two scenarios in which this tool may be appropriate:

• You want to completely clean the machine and reuse it elsewhere.

• The appliance is in an unrecoverable state. If so, you should contact Dell SonicWALL Technical Support and confirm that there is no other solution to your problem. A factory reset should be used only as a last resort to restore the appliance to a working condition.

To return the appliance to its original factory condition

1. Back up the configuration data on the appliance. You can do this in AMC (see Exporting the Current Configuration to a Local Machine on page 310), or by using Backup Tool (see Saving Configuration Data on page 690).

2. On a serial console, log in to the appliance as “root”.

3. Type factory_reset_tool. A message appears prompting you to reboot the appliance.

Caution: EX9000, EX7000, and EX6000 appliances: Remove any USB devices from the appliance before you reboot it. If a USB device is plugged in to your appliance when it is rebooted, the appliance tries to use it as a boot device. As a result, the boot information stored in the BIOS on the appliance is overwritten, and the EX9000, EX7000, or EX6000 becomes unusable.

4. Type reboot to restart the appliance. When the restart is complete, a prompt similar to the following appears:

Debian GNU/Linux 3.0 SSL-VPN ttyS1
SSL-VPN login:

5. Log in to the appliance as “root”; Setup Tool will run automatically.

Note: Performing a factory reset on an appliance is different from restoring factory default configuration settings. See Restoring Factory Default Configuration Settings on page 691.

Validating Hosts

Many of the access control rules that you create in AMC point to host resources; as each rule is evaluated, the appliance tries to resolve these hosts in DNS. When resources are added, deleted, and modified on an appliance, some may become outdated or completely unreachable. If any hosts can’t be resolved, you may also find that performance slows down.

There is a script you can run from the command line on the appliance (using SSH) called checkhosts, located in /usr/local/extranet/bin. By reporting on hosts that may no longer be functional or reachable, this tool can help you update your resources and access control lists so that policy evaluation is more efficient.

For help with the command syntax, type the following:

<appliance prompt>:/usr/local/extranet/bin/checkhosts -h

For more information and examples on how to use checkhosts, see E-Class SRA knowledge base article 3010 on the MySonicwall.com Web site, in the Support area.