I know, I know, I’m always saying that you don’t need a firewall. That’s mostly to get your attention to push my agenda of sane security architecture. I do actually believe that firewalls are appropriate in a great many use cases, and I’ve managed them big and small, ranging from Juniper SRX 5800 clusters to tiny purpose-built BSD distros on custom hardware. I even managed Check Point and Gauntlet firewalls back in the 1990s. And Novell BorderManager... good gravy... BorderManager. I just had a chill, that thing is still around. They work well when spec’d, designed, and maintained correctly and placed in an appropriate location in a network architecture.

That said, I have a few SonicWall devices that I work on occasionally, and it has always irritated me that there was not a usable RANCID module for them. To that end, I hacked up the Cisco RANCID script to support very rudimentary config backups. <Insert comment about having some DevOps skills is useful, even if they are very basic like mine.> The script will log in and pull the config and version using the following commands:
show current-config
show version

I am really hoping that someone else will pick it up and massage it a bit, because it is very chatty and will produce a diff every time due to the way SonicOS presents some of its configuration parameters. It also needs to be tested against larger SonicWall devices, as I only have smaller boxes to run against. I know it works against a TZ210; YMMV. Please post comments on GitHub if you use it with anything else. The password hash is particularly annoying; it always changes when the configuration is displayed. Some of the framework is there to remove it, so I may hack at it a bit more, but it’s usable in the loosest sense for the short term. It’s available on my GitHub site.
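One way to quiet the always-changing values described above, as an added example that is not part of the RANCID script or the author's repository: pull the config twice with no change in between, learn which lines differ only in their trailing value, and mask those values before the backup is diffed or committed (which also keeps the hash out of version control). The sample config lines are constructed and are not real SonicOS output; the function names are hypothetical.

```python
import difflib
import os

# Constructed sample captures (not real SonicOS output): two back-to-back pulls
# with no configuration change; only the hash value differs between them.
PULL_A = """\
firmware-version 1.2.3
administrator name admin
administrator password-hash 9f2c41aa
interface X0 ip 192.0.2.1
"""
PULL_B = PULL_A.replace("9f2c41aa", "17be03d5")


def learn_volatile_prefixes(first, second):
    """Return line prefixes whose trailing value changed between two pulls."""
    a, b = first.splitlines(), second.splitlines()
    prefixes = set()
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "replace" or (i2 - i1) != (j2 - j1):
            continue  # inserted or deleted lines are real changes, skip them
        for old, new in zip(a[i1:i2], b[j1:j2]):
            common = os.path.commonprefix([old, new])
            # Cut back to the last whitespace so the whole value token is masked.
            cut = max(common.rfind(" "), common.rfind("\t"))
            if cut > 0:
                prefixes.add(common[:cut + 1])
    return prefixes


def normalize(config, prefixes):
    """Mask the value after each learned prefix so repeated pulls diff clean."""
    out = []
    for line in config.splitlines():
        hit = next((p for p in prefixes if line.startswith(p)), None)
        out.append(hit + "<volatile>" if hit else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    learned = learn_volatile_prefixes(PULL_A, PULL_B)
    print(normalize(PULL_B, learned), end="")
```

Review the learned prefixes once by hand before trusting them, since anything listed there will no longer show up in a diff.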