Using PowerShell for bulk SSH commands on Fortigate firewalls, etc.

I’ve been working with a customer with a large stack of Fortigate firewalls.  Quite frequently there is a requirement to run commands against some or all of the firewalls.  While config management can be performed via the FortiManager, after trialling it we realized there were simply too many limitations for their requirements.  Thankfully bulk commands can be performed with this handy PowerShell SSH module:
http://www.powershelladmin.com/wiki/SSH_from_PowerShell_using_the_SSH.NET_library.  I’ve built a quick PowerShell script as an example of how this can be used.

1.) Populate a list of your firewall IP addresses in a CSV file called Firewalls.csv.
2.) Example: Enable SCP on Fortigate firewalls (to be used for running-config backups, etc.)
# Load the SSH-Sessions module (wrapper around the SSH.NET library)
Import-Module .\SSH-Sessions.psd1
# One firewall IP address per line
$Firewalls = Get-Content .\firewalls.csv
$Username = "firewallusername"
$Password = "firewallpassword"
foreach ($Firewall in $Firewalls) {
    New-SshSession $Firewall -Username $Username -Password $Password
    # The FortiOS commands are sent as one multi-line string
    Invoke-SshCommand $Firewall -Command 'config system global
set admin-scp enable
end'
}

Note: In a production environment you would want to a) use cert-based authentication or b) encrypt your username/password (or perhaps prompt for a credential when the script is run).  It goes without saying – back up your firewall config before you make any changes! 🙂
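As an added example (not part of the original script), here is one way to apply option b) from the note: the loop above with a run-time credential prompt instead of a hard-coded password, validation of the address list, and session cleanup. It assumes Remove-SshSession is exported by the same SSH-Sessions module; the results file name scp-enable-results.csv is hypothetical.

```powershell
# Added example: hardened variant of the loop above. New-SshSession and
# Invoke-SshCommand are used exactly as in the post; Remove-SshSession is assumed.
Import-Module .\SSH-Sessions.psd1

# Prompt once at run time so no password is stored in the script file.
$Credential = Get-Credential -Message 'Fortigate admin account'
$Username   = $Credential.UserName
# The -Password parameter used in the post takes plain text, so the secret is
# unwrapped in memory only, for the duration of the run.
$Password   = $Credential.GetNetworkCredential().Password

$Command = @'
config system global
set admin-scp enable
end
'@

# Accept only lines that are an IP address in canonical form; report anything
# else instead of handing arbitrary text to the SSH client.
$Firewalls = foreach ($Line in Get-Content .\Firewalls.csv) {
    $Entry  = $Line.Trim()
    $Parsed = $null
    if ($Entry -eq '') { continue }
    if ([System.Net.IPAddress]::TryParse($Entry, [ref]$Parsed) -and
        $Parsed.ToString() -eq $Entry) {
        $Entry
    } else {
        Write-Warning "Skipping invalid entry: '$Entry'"
    }
}

$Results = foreach ($Firewall in $Firewalls) {
    try {
        New-SshSession $Firewall -Username $Username -Password $Password | Out-Null
        $Output = Invoke-SshCommand $Firewall -Command $Command
        [pscustomobject]@{ Firewall = $Firewall; Status = 'Ran'; Output = ($Output -join "`n") }
    }
    catch {
        [pscustomobject]@{ Firewall = $Firewall; Status = 'Error'; Output = $_.Exception.Message }
    }
    finally {
        # Close the session whether or not the command ran.
        try { Remove-SshSession -ComputerName $Firewall | Out-Null } catch { }
    }
}

# Drop the plain-text copy and keep a record of what was sent to which firewall.
Remove-Variable Password
$Results | Export-Csv .\scp-enable-results.csv -NoTypeInformation
```

A Status of Ran only means no terminating error was raised, so review the Output column for each firewall before relying on the change.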

In my next post I’ll cover using pscp.exe to backup your firewall config in a PowerShell script.

Enabling Spanning Tree/STP on an HP Procurve Switch

I’ve had a couple of requests for setting up Spanning Tree on Procurve 2530 & 2920 switches recently.  It’s extremely straightforward & can be done via the CLI with Telnet or through the Web Management interface.

For the web interface (http://ipaddress), log in with your manager (read/write) login at the top right corner of the screen.  Expand Spanning Tree and select Tree Management.  On the right-hand side, select Change and tick the box to enable.  Save and you’re done.

For the CLI, connect via Telnet to your switch IP address.  Type menu at the CLI prompt to bring up the configuration menu.

Select option 2 for Switch Configuration on the 1st Screen.

Select Option 4 for Spanning Tree Operation from the next screen.

Select Edit from the bottom menu and press Enter, use the arrow keys to select STP Enabled, and press the Space Bar to toggle the selection to Yes.  Press Enter to go back to the Actions Menu and select Save to save changes.