
Exporting/Importing firewall rules from a VCS x7.2.2

Chris Swinney
Level 5

Hi All,

Does anyone know if it is possible to export and import a set of firewall rules that have been established on a VCS running x7.2.2?

It's not that we have a lot of rules, but we have a lot of VCSs to configure.

There doesn't appear to be anything in the xconfig section when logging on as admin, but I would have expected this to be more of a root thing. Still, the obvious option (IP Tables) doesn't look like it's there either.

Chris


Chris Swinney
Level 5

I posted this as a reply to another thread, but actually it is best linked here. I still have been unable to get this to work, but maybe this info would spark some imagination. The rest of this info is submitted under my own investigation and in no way should be deemed a Cisco recommended practice. Still, it is good to tinker.

The rules are actually based on the IPTABLES command built into Linux, which can be accessed from a root login. However, I have tried to run an 'iptables-save' on one box and an 'iptables-restore' on a Test VCS, and although I see the changes using 'iptables -L', they do not appear in the web interface and they are wiped on reboot.

It looks as though the iptables command is manipulated through a Python script called 'iptablesd.py' located in the '/sbin' directory, and a log is written to '/mnt/harddisk/log'. You can even see where the User Firewall rules are written out to, which is '/tandberg/persistent/user_firewall_ipv4.conf'. This file seems to be read in on boot to build the IPTables rule list, but manipulating it directly didn't appear to do much good either, as it seems to be overwritten during the shutdown sequence.

I'm not sure if x8.1 makes up for this deficiency as we haven't got around to testing it yet, but I will keep digging to see if there is a way to manipulate this.

Chris
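
With many boxes to keep aligned, the 'iptables-save' output mentioned above can at least be used to check that each one carries the same rule set as a reference box. The sketch below is an added example, not part of the original posts and not Cisco code: it parses two dumps, ignores the packet counters, and reports the differences. The function names and both sample dumps are constructed for illustration, and it does not address the persistence problem described in the post.

```python
import re

# Constructed sample dumps in iptables-save format (not captured from a real VCS).
REFERENCE = """\
# Generated by iptables-save
*filter
:INPUT ACCEPT [120:9000]
[10:600] -A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
"""
TARGET = """\
*filter
:INPUT DROP [5:300]
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def parse_dump(text):
    """Return {table: {"policies": {...}, "rules": [...]}} with counters stripped."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif current is None:
            raise ValueError("line outside a table: %r" % line)
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current["policies"][chain] = policy
        else:  # rule line; drop the optional "[packets:bytes]" counter prefix
            current["rules"].append(re.sub(r"^\[\d+:\d+\]\s*", "", line))
    return tables

def drift(reference, target):
    """Return (table, kind, detail) tuples for every difference between two dumps."""
    ref, tgt, out = parse_dump(reference), parse_dump(target), []
    empty = {"policies": {}, "rules": []}
    for table in sorted(set(ref) | set(tgt)):
        r, t = ref.get(table, empty), tgt.get(table, empty)
        out += [(table, "missing", x) for x in r["rules"] if x not in t["rules"]]
        out += [(table, "extra", x) for x in t["rules"] if x not in r["rules"]]
        out += [(table, "policy", c) for c in sorted(set(r["policies"]) | set(t["policies"]))
                if r["policies"].get(c) != t["policies"].get(c)]
        if sorted(r["rules"]) == sorted(t["rules"]) and r["rules"] != t["rules"]:
            out.append((table, "order", "same rules, different order"))
    return out
```

An empty list from `drift()` means the two boxes hold the same rules, in the same order, with the same chain policies.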

Chris,

Thank you for all the good information you have provided so far; please do keep us up to date. I have not gotten this question yet on our helpdesk, but I am sure I will soon. We do a lot of RMAs, so it will come up sooner or later.

Thank you,


Justin Ferello
Technical Support Specialist
KBZ, a Cisco Authorized Distributor
http://www.kbz.com
e/v: justin.ferello@kbz.com
