This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SonicWall firmware update with Config Change Templates

Hey everyone,

Running into a little issue.  I am trying to use Config Change Templates to perform firmware updates for about several hundred SonicWalls.

First I created a CCT to have the SonicWall run the import ftp commands to download the firmware from my share.  Then a second CCT to make the sonicwall 'boot imported' which brings it up on the new firmware.  Where I run into an issue is the SonicWall only supports FTP or SCP.  On SonicWalls connected to slower connections after about 60-70 seconds the SonicWall will kill the session before the firmware has been downloaded.  With SCP the SonicWall will download the entire firmware, so I would like to use SCP.  Where I am running into an issue is when the device runs the command:

import firmware scp scp://UID@XXX.XXX.XXX.XXX/sonicos.sig

The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.

RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

Are you sure you want to continue connecting (yes/no)? Yes

My CCT script doesn't wait for the RSA key to generate before it sends the Yes command, which causes this to fail.

Output from the failed script on Solarwinds Config Change Template logs

import firmware scp scp://UID@xx.xx.xx.xx/sonicos.sig

The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.

RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

YES

xxxxxxxxxxx

YES

Are you sure you want to continue connecting (yes/no)?Please type 'yes' or 'no':Please type 'yes' or 'no':Please type 'yes' or 'no':

Host key verification failed.

% Error encountered processing command:

    import firmware scp scp://uid@xx.xx.xx.xx/sonicos.sig

% Error: File transfer error.

My script is as follows:

// Template to have SonicWall SCP new Firmware from Orion.

/*

.PARAMETER_LABEL @ContextNode

        NCM Node

.PARAMETER_DESCRIPTION @ContextNode

        The node the template will operate on.  All templates require this by default. The target node is selected during the first part of the wizard so it will not be available for selection when defining values of variables.

*/

script GetFirmware(NCM.Nodes @ContextNode)

{

  string @BootCommand='import firmware scp scp://UID@xx.xx.xx.xx/sonicos.sig'

  CLI

  {

    @BootCommand

    YES

    xxxxxxxxxxx

    YES

  }

}

OK so my question is, does any one know of a way to script the SonicWall to wait after 'import firmware scp scp://UID@xx.xx.xx.xx/sonicos.sig' for approx. 5 seconds before sending the YES command, so that the RSA key has time to generate?  The password that is x'ed out and second YES command can run as normal.  But it seems like the CCT is sending the first yes before the RSA key is generated.

Thanks in advance,