How to make config changes to multiple devices

DKonkin · August 29, 2017, 12:06am

Hi,
We have a customer network with 100+ Pepwaves that require the addition of the following configuration:
1, Enable expert-mode in Outbount policy.
2, Add an Out policy for all packets with source address 192.168.0.0/16 to be sent over a specific SFVPN.
3, Add FW policy internal allowing that traffic from 192.168.0.0/16.

It takes an unreasonable amount of time to manually reconfigure each Pepwave. How can we automate or script these three simple config changes to be pushed to all the devices?.

Thanks
Dana

Joey_van_der_Gaag · August 29, 2017, 1:07am

Hello @DKonkin,

The ‘Bulk Configurator’ feature in InControl 2 is made for exactly these type of challenges.

After configuring one Pepwave the way you want to configure all Pepwaves, download the configuration file from this unit.
You can do this by logging into the device and going to ‘System’ > ‘Configuration’ > ‘Download Active Configurations’.

When this is done, login to InControl 2 and go to the group(s) which contain the Pepwaves you want to reconfigure.
When you’re in the group, hover your mouse on ‘Settings’ and click on ‘Bulk Configurator’.
You will then be forwarded to this page:

Keep in mind you can only push configuration files onto corresponding applicable devices.
Hope this helps!

Joey

DKonkin · August 29, 2017, 1:33am

Hi Joey

What if the target devices are already in a live production environment with unique, per device configuration?

Thanks
Dana

Get Outlook for Androidhttps://aka.ms/ghei36

Joey_van_der_Gaag · August 29, 2017, 2:07am

Hi Dana,

If they have unique, per device configurations that have to be retained, the Bulk Configurator will most likely not be your way to go.
The Bulk Configurator is designed for easily flashing a large amount of devices with the same configuration.

I’m not sure if there’s another way than reconfiguring everything, one by one, in this case.
This is also possible via InControl 2, as long as the target devices are online, but will still require you to do it one by one.

@TK_Liew/@sitloongs, is there a workaround I haven’t thought of?

Venn · August 29, 2017, 3:51am

Dana,

You have to forbid traffic from 192.168.0.0 to block internal traffic? A balance can’t do it but a FusionHub can in one click.

for the scripting of the outbound policy, you can’t do it in CLI unfortunately. I’d automate it with a graphical scripting and do the action via internal network then block the traffic between peers.

Kr,

sitloongs · August 30, 2017, 2:55am

@Joey_van_der_Gaag and @DKonkin Don’t think it can be achieve for now.

Just for your info, those mention configuration will be available soon in IC2 management.

Outbound policy - Target to implement in IC version 2.6 which is to be released later this year
Firewall policy - After IC2 version 2.6.

This should able to help up for such policy/rules deployment.

DKonkin · August 30, 2017, 6:26am

Thanks Sitloong,

When will we be able to send asci or xml configuration changes?
(Until that is possible, automated provisioning is impossible).

Regards,
Dana

[cid:[email protected]]https://www.onwave.com/

DANA KONKIN

Head of Technology

Mobile UK: +44 (0)7449 200 010
Mobile DE: +49 (0)1523 678 0060

Office: 0844 775 0000tel:0844%20775%200000

www.onwave.com https://www.onwave.com/ [cid:[email protected]] https://www.facebook.com/Onwave-188794647837446/ [cid:[email protected]] https://twitter.com/onwaveuk [cid:[email protected]] https://www.linkedin.com/company/2648448

CONFIDENTIALITY AND DISCLAIMER NOTICE:
This e-mail is intended only for the addressee named above and the contents should not be disclosed to any other person nor copies taken. Any views or opinions presented are solely those of the sender and do not necessarily represent those of onwave Limited unless otherwise specifically stated. As internet communications are not secure we do not accept legal responsibility for the contents of this message nor responsibility for any change made to this message after it was sent by the original sender. We advise you to carry out your own virus check before opening any attachment as we cannot accept liability for any damage sustained as a result of any software viruses.
Registered in England No: 7490613