How to add multiple routes on a VSX firewall cluster?

[eduardw]

We are in the progress of migrating our firewalls to VSX clusters on HP hardware.
But on many of the firewalls we have, have more then 100 static routes some have even more the 500.
I know you can ad these route individual by using the GUI. But this is a very time consuming and unreliable process. Is there a proven method of adding multiple routes on the command line of the virtual system (firewall).

Most of our current firewalls are running on sun Solaris a few on Secure platform.


Kind Regards


Eduard


The Netherlands

[Routerkid1]

route add command but it will not survive a reboot. You will need to use sysconfig.

[eduardw]

Thanks, we are working hard to get the number of routes down.
The only correct way for VSX is adding them in the policy. Checkpoint has told us that they will working on a feature so we can add rules from files. But not before Q3 2008 .
In the mean while we have migrate about 30 firewalls to VSX, with a average down time of under 80 seconds. But adding the routes takes al lot of time about 45tot 60seconds a route. So this is still a very time consuming job. We have not yet tried to migrate the firewalls with the large route tables 600+.

I hope checkpoint will have the imports routes from file feature a lot sooner. Because I don’t want to spend my weekends the next year for migrating firewalls with large route tables.


Kind Regards
Eduard

[lunatrick]

I have seen some kind of visual basic script run to add a large number of routes in one go - but I don't have the script unfortunately....anyway just a blunt tool to speed up the data entry....

[eduardw]

Last week I’ve spoken to our checkpoint sales rep.
He told us that they put this feature high on the list for enhancements request. That’s great but no date yet.
I would love to see a offline configuration tool for creating virtual system off course with the option of adding routes by importing them form a csv file.

Eduard
The Netherlands

[Eaulivier]

Quote:

Originally Posted by eduardw

Last week I’ve spoken to our checkpoint sales rep.
He told us that they put this feature high on the list for enhancements request. That’s great but no date yet.
I would love to see a offline configuration tool for creating virtual system off course with the option of adding routes by importing them form a csv file.

Eduard
The Netherlands

Hello Eduard,

You can use the CLI commando route add and at the end have

save_route --save

To effectively save your static routes that will survive a reboot !

With kind regards,

Olivier

[abusharif]

you can also script it directly to the config file (/etc/sysconfig/netconf.c)

[chillyjim]

This is true on standard SPLAT, it is not the case for a VS or VR on VSX.
Open a support call and or really bug your SE, I would bet there is an unsupported script floating around somewhere to do just this.

[eduardw]

Thanks all, because I’ve still not find a solution to our problem, we are going to migrate to a temporary solution before we migrate the 2 firewalls to vsx.
The routes on the firewalls will be migrated to 2 standalone cisco routes to handle the route table. The firewalls will get a default route to one of these routers.
When checkpoint has figured it out to at bulk routes and away to sort them in the topology tab then we probably migrate the routes back to the vsx firewalls.

Regards

Eduard