SonicWall Lab Automation – Entry 1

This past Friday evening I wanted to set a goal for the weekend, and what I came up with was a script/module in PowerShell to automate my SonicWall lab. The entire goal of developing this is to save all the time spent waiting for firmware upgrades and factory reboots to take place. It also goes and does a basic configuration of the device.

Initial challenges presented themselves right away: registration of the SonicWall UTM appliance can only be done via the Web UI as of the current version, 6.5. This meant digging into a common web test tool called Selenium; luckily, some people have already written a few tools in PowerShell to simplify things a little more.

The SonicWall UI is a set of iframes, which can cause issues in Selenium when looking for specific elements inside those frames. This is made easier by the fact that, after authentication, you can navigate directly to some of the pages required. Example below:

This is the direct access to the registration page for the SonicWall UTM

With this discovery things were simpler: there were far fewer elements, and a direct approach to filling in these forms was easier. The registration portion is now complete; on to the next challenge, “Handling Firmware Uploads and Factory Defaulting.”

There were a couple of challenges here but none with a solution.

1. How to get the firmware uploaded into the SonicWall

I tried using Selenium, but unlike the registration page, if you try to go to its directly hosted page you cannot interact with the page whatsoever. The only other solution was to use the CLI, and luckily SonicWall can have firmware uploaded via FTP and SCP. But where was I going to get this FTP server? If I were programming in Python I could just program in a simple FTP server and host the file from there, but I wanted to keep this purely in PowerShell and I do not believe you can do such a thing. So I looked towards an application solution and came up with installing FileZilla Server on the VM behind the X0 of the SonicWall.

Once the FTP server was up and running I used Posh-SSH, posted previously on, and wrote up a set of commands to get the job done. If you are familiar with SonicWalls you will know that when you boot to firmware there is about a 600 second wait timer that runs while it handles writing the settings file to flash. This is where I ran into my first issue: I had set the script to run too short, and it killed the session too early, corrupting the firmware image on the box and causing it to boot into safe mode.

This is why you always test, test, and then test again in a lab environment where you have full access to the appliances, for issues like these. It was not much of a matter; I just manually re-uploaded and booted to the firmware to recover, but it definitely got me thinking about being sure of things in the future.

2. How to get back into the SonicWall after Factory Default

This is currently handled via a manual process of executing another script from the console side to go in and enable SSH on the X0. In 6.5 firmware only HTTPS management is enabled.

3. Configuring the SonicWall

This is handled via a single script that reads a text file full of CLI commands. It is a very basic approach, but hopefully in the future I will be able to add more brains to this part of the process. It relies fully on the commands that you put into the text file and the order in which you put them. As you may know, you cannot create an Address-Group that contains an Address-Object that has not yet been created.
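The ordering dependency described above can be checked before anything is sent to the firewall. The following is an added example, not the author's script: Test-SnwlCommandOrder is a hypothetical function name, and the address-object / address-group line shapes and the sample commands are assumptions constructed for illustration.

```powershell
# Added example, not the author's script. Test-SnwlCommandOrder is a
# hypothetical name; the CLI line shapes it matches are assumptions.
function Test-SnwlCommandOrder {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)

    $defined = @{}      # address-object names defined so far
    $group   = $null    # address-group block currently open, if any
    $objRx   = '^address-object\s+ipv4\s+(?<name>"[^"]+"|\S+)(?<rest>\s+\S.*)?$'
    $grpRx   = '^address-group\s+ipv4\s+(?<name>"[^"]+"|\S+)$'

    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i].Trim()
        if ($line -match $grpRx) {
            $group = $Matches['name'].Trim('"')
        }
        elseif ($line -eq 'exit') {
            $group = $null
        }
        elseif ($line -match $objRx) {
            $name = $Matches['name'].Trim('"')
            if ($Matches['rest']) {
                $defined[$name] = $i + 1      # definition: type and value follow the name
            }
            elseif ($group -and -not $defined.ContainsKey($name)) {
                # Bare name inside a group block: member that is not defined yet.
                [pscustomobject]@{ Line = $i + 1; Group = $group; Missing = $name }
            }
        }
    }
}

# Constructed sample: "DB01" is used on line 4 but only defined on line 6.
$sample = @(
    'address-object ipv4 "Web01" host 10.0.0.10 zone LAN'
    'address-group ipv4 "Servers"'
    'address-object ipv4 "Web01"'
    'address-object ipv4 "DB01"'
    'exit'
    'address-object ipv4 "DB01" host 10.0.0.20 zone LAN'
)

$issues = @(Test-SnwlCommandOrder -Lines $sample)
$issues | Format-Table -AutoSize
if ($issues.Count -gt 0) { Write-Warning 'Reorder the file before sending it to the firewall.' }
```

For a real command file, pass `(Get-Content <path>)` as `-Lines` and stop the run when anything is returned.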

But by the end of the weekend, I am now successfully able to run a few PowerShell scripts to Upload, Upgrade/Factory Default and/or Configure the SonicWalls in my lab. The time that will be saved will allow for more time in testing and enhancing this automated code base.

Once the code is better built and sustainable for movement from machine to machine, it will be published to my GitHub and potentially the PowerShell community for all to use with the simple commands Execute-SnwlFacDef, Set-SnwlConfigFile and Execute-SnwlRebuild.


How to Setup Posh-SSH

If you have never installed any modules from PS Gallery you can run the below command so that you do not get the Untrusted Error.

Set-PSRepository -Name PSGallery -InstallationPolicy Trusted

Step 1:
You need to change the execution policy or you will get an error.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser

Step 2:
Next, install the Posh-SSH module.

We add the -RequiredVersion switch because 2.0.2 is the stable version. There is a 2.1 version, but 2.0.2 is the suggested version and the one this guide uses.

Install-Module Posh-SSH -RequiredVersion 2.0.2

Step 3:
Import the Posh-SSH module to make its cmdlets available for use.

Import-Module Posh-SSH

Now you can verify this by running the Get-InstalledModule command, which should list the Posh-SSH module.


Just to see what we can do:
Let us now run Get-Command and see what cmdlets and functions are available within the Posh-SSH module.

Get-Command -Module Posh-SSH

Step 4:
Initiate an SSH session with the following command.

New-SSHSession -ComputerName <IP-or-hostname> -AcceptKey

Even though the switch says ComputerName, you can put an IP address there. We are also adding -AcceptKey to accept the RSA key of that SSH session. A credentials popup window will come up to fill in the login creds, and this can be automated. For now we will just manually fill in the credentials.

Now you have established a session with your remote SSH enabled device. Be on the look out for another post on how to use Posh-SSH with a SonicWall UTM appliance.
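
The credential prompt and the -AcceptKey switch from Step 4 can both be taken out of the interactive path. This is an added example, not code from the original post; the address, fingerprint and file path are placeholders, and it assumes the device's host key fingerprint was first read over a trusted channel such as the console.

```powershell
# Added example, not from the original post. Address, fingerprint and
# credential file path are placeholders chosen for illustration.
Import-Module Posh-SSH

$fw          = '192.0.2.1'                                      # placeholder address
$fingerprint = '<host-key-fingerprint-read-from-the-console>'   # placeholder
$credFile    = Join-Path $env:USERPROFILE 'snwl-lab-cred.xml'   # hypothetical path

# Prompt once, then reuse. Export-Clixml stores the password as a DPAPI-
# protected SecureString, readable only by this user on this machine.
if (-not (Test-Path -Path $credFile)) {
    Get-Credential -Message 'SonicWall lab admin' | Export-Clixml -Path $credFile
}
$cred = Import-Clixml -Path $credFile

# Register the expected host key up front, so the session is opened without
# -AcceptKey and the key is compared against a value you chose to trust.
$known = Get-SSHTrustedHost | Where-Object { $_.SSHHost -eq $fw }
if (-not $known) {
    New-SSHTrustedHost -SSHHost $fw -FingerPrint $fingerprint
}

$session = New-SSHSession -ComputerName $fw -Credential $cred -ErrorAction Stop
try {
    "Connected: session $($session.SessionId) to $($session.Host)"
}
finally {
    # Always release the session, even if later steps throw.
    Remove-SSHSession -SessionId $session.SessionId | Out-Null
}
```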