config_system -t <file>     # Create a blank template file for editing
config_system -f <file>     # Load settings for first time configuration from file
config_system -s "install_security_gw=true&<etc>"  # Load settings via string instead of file

-- CONFIGURATION FILE --
# INSTALLATION OF THE SOFTWARE
install_security_gw=<true|false>     # $TAG_GW - Install security gateway?
install_ppak=<true|false>        # $TAG_PPAK - Install Performan Pack?
gateway_daip=<true|false>        # DAIP - Dynamic IP? This should be false if ClusterXL or this is a management server ($TAG_MGMT)
gateway_cluster_member=<true|false>    # ClusterXL - Enable ClusterXL?

# MANAGEMENT SERVER CONFIGURATIONS
install_security_managment=<true|false>        # $TAG_MGMT - Install management server?
install_mgmt_primary=<true|false>            # Optional Parameter - Primary Management Server? - Only this or the following can be true. Both cannot be true
install_mgmt_secondary=<true|false>            # Optional Parameter - Secondary Management Server? - Only this or the above can be true. Both cannot be true

# MDS PARAMETERS
install_mds_primary=<true|false>    # Primary MDS? - Only this or the following can be true. Both cannot be true
install_mds_secondary=<true|false>    # Secondary MDS? - Only this or the above can be true. Both cannot be true
install_mlm=<true|false>            # Install Multi-Customer Log Manager?
install_mds_interface=<interface>    # Define the MDS interface to use

# MANAGEMENT SERVER CONFIGURATIONS
mgmt_admin_name=<name>                # GUI Client Admin Name
mgmt_admin_passwd=<password>        # GUI Client Admin Password
mgmt_gui_clients_radio=<any|range|network|this>         # Choose "this" for a single IP address
mgmt_gui_clients_first_ip_field=<ip>                # If "range" chosen for mgmt_gui_clients_radio
mgmt_gui_clients_last_ip_field=<ip>                    # If "range" chosen for mgmt_gui_clients_radio
mgmt_gui_clients_ip_field=<ip>                        # If "network" chosen for mgmt_gui_clients_radio
mgmt_gui_clients_subnet_field=<0-32>                # If "network" chosen for mgmt_gui_clients_radio (this is the CIDR)
mgmt_gui_clients_hostname=<ip>                        # If "this" chose for mgmt_gui_clients_radio
ftw_sic_key=<blah>                                    # SIC password

# OS LEVEL CONFIGURATION
admin_hash=<hash>                    # Optional Parameter - Set the admin password hash (can be grabbed from the firewall by running 'grep admin /etc/shadow | cut -d: -f2')
iface=<interface>                    # Optional Parameter - Management interface name
ipaddr_v4=<ipv4>                    # Management interface IP address (if this is overriding current IP, the current IP will be kept as a secondary address so that we don't lost access. This IP will need to be deleted after configuration)
masklen_v4=<0-32>                    # Management interface netmask (CIDR)
default_gw_v4=<ipv4>
ipaddr_v6=<ipv6>                    # Managetment interface IPv6 address
masklen_v6=<ipv6>                    # Managetment interface IPv6 subnet
default_gw_v6=<ipv6>
hostname=<name>                        # Optional Parameter - Device Hostname
timezone='<ETC/GMT-5/etc>'            # Optional Parameter - Set the timezone
domainname=<example.com>            # Optional Parameter
ntp_primary=<ip>                    # Optional Parameter
ntp_primary_version=<version>        # Optional Parameter
ntp_secondary=<ip>                    # Optional Parameter
ntp_secondary_version=<version>        # Optional Parameter
primary=<ip>                        # Optional Parameter - DNS Server IP
secnondary=<ip>                        # Optional Parameter - DNS Server IP
tertiary=<ip>                        # Optional Parameter - DNS Server IP

Notes:

  • Add --dry-run to test configuration settings before implementation
  • A reboot will be required to complete the configuration

Documentation

Next Post Previous Post