Categories
SonicWall

Automating SonicWall NetExtender

Just published to my Github a Python script that automates logging into NetExtender with us of PyAutoGUI.

This script will take static variable inputs then try launching NetExtender and looking in with those preset login information that was provided in the script. The script will also error check making sure that the service and the application are started and if they are not it will go ahead and launch them.

Most of this is statically set like, Username, Password, Server IP, Domain, and the location of your NetExtender install.

The Github repo provides the needed images for the script to run, so make sure you download those as well. Images may need to be updated if you are using a different version than SonicWall NetExtender 8.6.263.

Here is the repo: https://github.com/brd651/SonicWall-NetExtender-AutoLogin

Categories
Uncategorized

SonicWall Lab Automation – Entry 1

On this past Friday evening I wanted to set a goal for the weekend and what I came up with was a script/Module in Powershell to automate my SonicWall lab. The entire goal of developing this would be to save all that time waiting for firmware upgrades and factory reboots to take place. This would also go and do a basic configuration of the device.

Initial challenges were presented right away with the fact that registration of the SonicWall UTM appliance can only be done via the Web UI, current version of 6.5. This would mean digging into a common web test tool called Selenium, where luckily some have already written a few tools in Powershell to simplify things a little more.

Now the SonicWall UI is a set of iFrames which when using Selenium can cause some issues when looking for specific elements inside of said frames. This is made easier with the fact that you can actually, after authentication, directly navigate to some of the pages required. Example below:

This is the direct access to the registration page for the SonicWall UTM

Now with this discovery it was a bit simpler and easier now that there were far fewer elements and easier direct approach to fill in these forms. The registration portion is now complete, on to the next challenge “Handling Firmware Uploads and Factory Defaulting.”

There were a couple of challenges here but none with a solution.

  1. How to get the firmware uploaded into the SonicWall

I tried to do the way of using Selenium but unlike the Registration page, if you try to go to its directly hosted page you cannot interact with the page whatsoever. The only next solution was to use the CLI, and luckily SonicWall can have firmware uploaded via FTP and SCP. But, now where was I going to get this FTP server ? If I were programming in Python I could just program in a simple FTP server and host the file from there but I wanted to keep this purely in Powershell and I do not believe you can do such a thing. So, I looked towards an application solution and came up with installing Filezilla Server on the VM behind the X0 of the SonicWall.

Once the FTP server was up and running I used Posh-SSH , posted previously on, and wrote up a set of commands to get the job done. If you are familiar with SonicWalls you will know that when you boot to firmware that there is about a 600 second wait timer that runs while it handles writing the settings file to flash. Well this is where I ran into my first issue, where I had set the script to run too short and it killed the session too early thus corrupting the firmware image on the box causing it to boot into safe mode.

This is always why you test and test then test again in a lab environment when you have full access to the appliances for issues like these. Was not much of a matter, just manually re-uploaded and booted to the firmware to recover but definitely got me thinking to be sure of things when doing things in the future.

2. How to get back into the SonicWall after Factory Default

This is currently being handled via a manual process of executing another script from the Console side to go in and enabled SSH on the X0. In 6.5 firmware only the HTTPS management is enabled.

3. Configuring the SonicWall

This is handled via a single script that reads a text file full of CLI commands. It is a very basic approach but hopefully in the future I will be able to add more brains to this part of the process. This has now full reliance on the commands that you put into the text file and the order in which you put them in. If you know you cannot create an Address-Group that contains an Address-Object that has yet been created.

But by the end of the weekend, I am now successfully able to run a few Powershell scripts to Upload, Upgrade/Factory Default and/or Configure my SonicWall’s in my Lab. The time that will be saved will allow for more time in testing and enhancing this automated code base.

Once the code is more well built and sustainable for movement from machine to machine then it will be published to my Github and potentially Powershell community for all to use with simple commands of Execute-SnwlFacDef and Set-SnwlConfigFile and Execute-SnwlRebuild.